PROBLEM: (58661) (PATCH ID: OSF440-426) ******** This patch corrects slow shutdown due to name lookups while deleting routes. PROBLEM: (UTO97639A) (PATCH ID: OSF440-443) ******** This patch prevents warning messages of 'not currently mounted' from displaying for filessyetsm you did not request to umount. An example follows: # umount -a -t ufs /test5: not currently mounted <==== These are AdVFS filesystems /test2: not currently mounted /test1: not currently mounted PROBLEM: (BCSM608NX/73473) (Patch ID: OSF440-285) ******** This patch fixes a problem with the btcreate command where it does not pass the full pathname to newfs. PROBLEM: (HPAQ715Z0) (Patch ID: OSF440-171) ******** A problem in the btextract script could result in a failure of the script in the event that more than one disklabel file in the /etc/disk_lbl directory matches the disk name specified by the user. This has been corrected. PROBLEM: (BCSM816C6) (PATCH ID: OSF440-343) ******** This patch fixes a problem with the btcreate command where default restore fails if disklabel is different. PROBLEM: (HPAQ2144F) (PATCH ID: OSF440-400) ******** This patch fixes a problem with btcreate not waiting long enough between vdumps for the next tape to be loaded by some media changers. PROBLEM: (BRO101338 BRO101359) (Patch ID: OSF440-113) ******** This patch fixes system crashes seen on ASE or Cluster systems when changing the network interfaces. The stack is not informative and the panic may be "trap: illegal instruction," or "kernel memory fault." PROBLEM: (CLD MGO34008A, QAR 73553) (Patch ID: OSF440-177) ******** This patch corrects a problem where ICMP redirect packets can modify the default route. PROBLEM: (BRO101338 BRO101359) (Patch ID: OSF440-184) ******** This patch fixes system crashes seen on ASE or Cluster systems when changing the network interfaces. The stack is not informative and the panic may be "trap: illegal instruction," or "kernel memory fault." PROBLEM: (CLD HPAQ9049V, QAR 55075) (Patch ID: OSF440-053) ******** This patch fixes a problem where vi puts the server port into PASSALL MODE (where XON/XOFF is no longer effective). This creates garbage in the file. PROBLEM: (DEKQ10006) (PATCH ID: OSF440-334) ******** This patch fixes the error handling when invalid multibyte sequences are encountered in the more, ex and vi commands. PROBLEM: (EVT38717A, 81694) (PATCH ID: OSF440-529) ******** This patch fixes a problem in which the 'vi' editor core dumps when it finds invalid syntax during a substitute operation. PROBLEM: (87244) (PATCH ID: OSF440-608) ******** Now vi handles key properly for tags functionality. PROBLEM: (CLD BCSMB02JR, CLD BCGM324NQ, CLD HPAQ519K5) (Patch ID: OSF440-236) ******** This patch fixes the following three problems: 1. When printing jobs, a timeout can occur after five minutes, which causes some large print jobs to stop, then resume printing from the beginning of the print job. This has been corrected by setting the timeout to read an ACK from the remote lpd daemon to 3 days. 2. When slave lpd daemons try to process jobs on the print queue, some of them can fail to obtain a lock on the lock file, and exit with an error. this has been corrected by increasing, from 10 seconds to 120 seconds, the time limit of lpd to wait for the current daemon to either give up the lock on the queue, or print the queued jobs. 3. A problem where some print jobs will print out twice. This has been corrected by eliminating timeouts from the sendfile () procedure. PROBLEM: (HPAQ80R71, BCSM518MX, BCSM31NJD, 48482) (Patch ID: OSF440-254) ******** This patch fixes the following four problems: 1. A remote print job may fail to print, with the error message: lstat/open failed for dfA... no such file or directory 2. If a remote print job is printing, and the connection to the printer is lost, the print job does not resume printing once the connection is restored. 3. Sometimes when sequence numbers wrap around from 999 to 000, job 000 is submitted before, and prints before, job 999. 4. lpstat -u output is incorrect. PROBLEM: (77238, 76104, 73772) (PATCH ID: OSF440-333) ******** This patch fixes the following printing problems: o When using the I18N "ya" option, the queue daemon filters will terminate after 32 jobs. o Under certain circumstances, print jobs are terminated when printing to certain printers that are connected to a DECserver through TCP/IP. PROBLEM: (PATCH ID: OSF440-333) ******** This patch fixes a printing problem where lpd reads any data from the printer that has not been read, for local and remote connections. The read-backs for remote connections cause an additional 2 second timeout which may cause a job-submit failure on the job-number wraparound. This patch fixes the problem by performing the read-backs for local connections only. PROBLEM: (76329, 76559) (PATCH ID: OSF440-485) ******** This patch corrects a problem in which, under certain conditions, unnecessary error messages are written to the lpr.log file. PROBLEM: (78515, 80638, 80639, 89877) (PATCH ID: OSF440-452) ******** This patch fixes the following four printing problems: - A user is unable to delete a print job from a remote system with a hostname greater than 32 characters because the hostname was truncated. - When a TCP/IP connection fails, the retry algorithm would take longer to print jobs due to a long retry interval. - A timing hole during lpd last-job completion and shutdown needed to be closed. - It was not possible to print to the lpd queue using Windows 2000. PROBLEM: (82203, 81354, 85602) (PATCH ID: OSF440-509) ******** This fix introduces the "JJ" /etc/printcap parameter, which allows the user to choose either one tcp/ip connection for all jobs in the print queue (JJ=1), or a tcp/ip connection for each job in the print queue (JJ=0). It also closes a timing hole that existed when lpd was shutting down. This patch also fixes a problem in which lpd hangs when printing to advanced server queues (using /dev/null). PROBLEM: (89158) (PATCH ID: OSF440-658) ******** This patch fixes an lpd problem, a memory leak associated with the allocation of a buffer. PROBLEM: (CLD TKTQ50260, QAR 71678) (Patch ID: OSF440-114) ******** The second byte of some 2-byte SJIS characters can contain a value that, as a single-byte character, has special meaning to the C shell. In the problem report being addressed by this patch, the user assigned a two-byte SJIS character to a shell variable through command substitution. The second byte of the SJIS character value was 0x60, which by itself represents the backquote (`) character. Because the C shell processed the 0x60 value as a backquote rather than as the second byte of a 2-byte character, the user received an "Unmatched `" error. This patch installs a revised C shell that correctly handles 2-byte Japanese characters. PROBLEM: (QAR 70941) (Patch ID: OSF440-009) ******** In the C shell (csh), commands do not correctly print Japanese SJIS strings assigned to shell variables. For example, when running under the ja_JP.SJIS locale, the following echo statement does not correctly print the content of the var variable: % echo "$var" This patch installs a revised C shell that correctly prints the Japanese text. PROBLEM: (CLD TKT011546) (Patch ID: OSF440-226) ******** This patch fixes a problem in the C shell (csh) in which a segmentation fault will occur when the user defines an environmental variable which exceeds the 2048 character limitation. This limit has been lengthened to 8192 characters. PROBLEM: (TKTR71329) (PATCH ID: OSF440-401) ******** Some multibyte characters in the Japanese SJIS or Chinese BIG5 codeset do not display correctly if the C shell is being used and the characters are inside quotation marks. The problem occurs with characters for which the value of the second byte equates to a square bracket ( [ or ]). This patch updates the C shell to fix this problem. PROBLEM: (EVT102702, QAR 61875/64784) (Patch ID: OSF440-017) ******** This patch fixes a problem with /usr/bin/ksh and the named-pipe (FIFO) communication that is used by applications. This problem is seen randomly when 2 shells scripts (a parent process and a child process) are waiting for each others read/write on their named-pipe. It was observed that the read didn't complete by the child process although data was present in its named-piped written by the parent process. PROBLEM: (CLD BCGM71LG7) (Patch ID: OSF440-026) ******** This patch corrects a problem that was causing ksh to core dump in vi editing mode. ksh was core dumping intermittently when using '.' to repeat a command. PROBLEM: (CLD MGO103997) (Patch ID: OSF440-027) ******** This patch fixes a problem with ksh. ksh will core dump with segmentation fault when displaying a here-document. PROBLEM: (QAR 65164) (Patch ID: OSF440-028) ******** This patch fixes unexpected logouts and terminal hangups encountered when using the /bin/su command and /bin/ksh as a login shell. PROBLEM: (QAR 62880) (Patch ID: OSF440-028) ******** Without this patch, the file command erroneously reports 0 for the bit and Hz fields when you specify a WAV audio file as input. For example: > file TEST.WAV TEST.WAV: Microsoft RIFF - WAVE format 0 bit Mono 0 Hz This patch corrects the file command behavior, so that it outputs actual values in the bit and Hz fields. For example: > file TEST.WAV TEST.WAV: Microsoft RIFF - WAVE format 8 bit Mono 11025 Hz PROBLEM: (QAR 62684) (Patch ID: OSF440-028) ******** The patch corrects erroneous behavior when the tail command is used with both the -n and -r flags. If you do not install this patch and you invoke the tail command with both the -n and -r flags, the command ignores the -n flag, which specifies the starting line at which the file contents are displayed, and displays the entire file in reverse order. This patch corrects tail command behavior so that the -n and -r flags can be used together. PROBLEM: (QAR 62684) (Patch ID: OSF440-028) ******** This fixes a problem in the awk command. The maximum number of fields per record was changed from 99 to 199. PROBLEM: (QAR 62684) (Patch ID: OSF440-028) ******** This patch fixes problem with awk printing incorrectly. PROBLEM: (QAR 62684) (Patch ID: OSF440-028) ******** The tar/pax program did not always read the last tape record of an archive. This caused confusion for scripts that were reading a series of archives on the no-rewind device. PROBLEM: (HPAQ322BS, QAR 71534) (Patch ID: OSF440-146) ******** This patch fixes a problem in ksh which required two SIGTERM signals to be sent to the process when it exec'ed. PROBLEM: (CLD MGO104039) (Patch ID: OSF440-055) ******** This patch corrects a problem that may cause ksh to core dump when displaying a large here-document in a ksh script. PROBLEM: (QARS 69111 57709) (Patch ID: OSF440-066) ******** This patch fixes a problem that caused incorrect file dates to be restored when pax was used to copy files. The problem occured in the following cases: * If the file was a non-empty directory * If the file was the target of another symbolic link PROBLEM: (QAR 69522 65377) (Patch ID: OSF440-077) ******** This patch fixes a core dump that occurs in the ksh echo command when ksh is echoing a number whose decimal value is greater than 255. PROBLEM: (QAR 65964 QAR 70023) (Patch ID: OSF440-096) ******** This patch fixes a problem with the Korn shell where data loss occurs when commnds are piped together. This is seen when ksh is your default login shell and the first command to be issued pipes output to a shell script. PROBLEM: (76587, 52442) (PATCH ID: OSF440-318) ******** This patch fixes a problem in ksh in which a space after the -p switch would cause the command to fail. PROBLEM: (71646, 46891) (PATCH ID: OSF440-359) ******** This patch fixes a problem in ksh. When the current working directory is / and the command 'cd ..' is entered, the following error message is displayed: ksh: ..: bad directory PROBLEM: (TKTR10043, 77691) (PATCH ID: OSF440-392) ******** This patch fixes a cpio hanging problem in the Japanese locales. PROBLEM: (54202, 79596, BCPM412T3) (PATCH ID: OSF440-464) ******** This patch fixes a problem with the tar command. Corruption occurs when restoring a file system that contains more than two hard links to a file. PROBLEM: (BCSM31S18) (PATCH ID: OSF440-390) ******** This patch fixes a problem where the tar -F (Fasttar) option ignores files named "err" but doesn't ignore files named "errs" and directories named "SCCS" and "RCS". PROBLEM: (TKTRB0023) (PATCH ID: OSF440-532) ******** This patch fixes a multibyte character boundary condition handling bug in ksh. This problem happens only when MB_CUR_MAX of the multibyte locale is greater than 2 and a 2-byte character is divided into two parts on a 1024-byte block boundary. In this case, additional bytes may be skipped leading to incorrect execution of the ksh script. PROBLEM: (DM07739) (PATCH ID: OSF440-551) ******** This patch corrects pax/tar/cpio to properly extract explicitly specified files. When an archive contained a file with extended attributes and a different file (occurring later in the archive) was specified to be extracted, improper buffer pointer management resulted in the following display (example uses tar): tar: /dev/nrmt0h : This doesn't look like a tar archive tar: /dev/nrmt0h : Skipping to next file... tar: Memory allocation failed for extended data while reading : Not enough space The directory option was similarly affected. In this case the information for the specified file was not reported. PROBLEM: (MCGMA0CZ6, 81774) (PATCH ID: OSF440-498) ******** This patch fixes a problem with the tar and pax programs. These programs incorrectly append files to an existing archive and cause the file to become corrupt. A user will not notice the corruption until they read the archive using either the "tar t" or "tar x" commands. For example, a file named foo.tar would have the following message in the middle of the output: tar: foo.tar : This doesn't look like a tar archive tar: foo.tar : Skipping to next file... PROBLEM: (TKTBC0080, TKTB10082) (PATCH ID: OSF440-552) ******** This patch fixes two ksh problems. 1. ksh command line editing may not work correctly in emacs mode when the LANG environment variable is set to a multi-byte Asian locale. 2. ksh script may crash if the script changes the LANG environment variable to a multi-byte Asian locale. PROBLEM: (SSRT1-40U, SSRT1-48U) (PATCH ID: OSF440-599) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (STL226954, 87527, 87856) (PATCH ID: OSF440-620) ******** This patch corrects the problem in which /usr/bin/ksh hangs for certain scripts that contain wait(1). PROBLEM: (CLD: UVO106533, QAR: 72124) (Patch ID: OSF440-102) ******** The strftime() function in libc was not compliant with the latest UNIX95 corrigenda, dated 12 Mar 1999, concerning the %V format specifier. The previous description for this specifier was as follows: > %V is replaced by the week number of the year (Monday as the first > day of the week) as a decimal number [01,53]. If the week containing > 1 January has four or more days in the new year, then it is > considered week 1. Otherwise, it is week 53 of the previous year, > and the next week is week 1. The new wording per the approved corrigenda is: > %V is replaced by the week number of the year (Monday as the first > day of the week) as a decimal number [01,53]. If the week containing > 1 January has four or more days in the new year, then it is > considered week 1. Otherwise, it is the last week of the previous > year, and the next week is week 1. The difference is in the last sentence. The last week of the previous year can be 52 or 53, depending on how many weeks are in the previous year. The previous code complied with the original published UNIX95 spec and returned the value 53 in this case. However, the approved corrigenda referenced above takes precedence and this patch implements that change as required for releases branded for UNIX95. PROBLEM: (QAR 62835, QAR 70582) (Patch ID: OSF440-151) ******** This patch fixes a problem of password error messages not being displayed during installation of the security subsystem. If a root password is not entered at the installation interface, then it will be requested during the configuration phase. However, if the user enters an unacceptable password the message explaining why the password was not accepted is not displayed. Instead the message is stored until the user enters a good password and then all of the messages are displayed. PROBLEM: (CLD MG0103887) (Patch ID: OSF440-035) ******** The routines wprintf(), swprintf() and fwprintf() incorrectly handle the 'S' format. When printing, they count the number of bytes inthe same way that printf() sprintf() and fprintf() do. The standard indicates that the wide char routines must count by logical characters. After the patch is applies, the three routines will correctly calculate and print the correct number of logical characters in all locales. PROBLEM: (MGO103748/QAR 67141) (Patch ID: OSF440-093) ******** This patch fixes problems with rsh(1), rlogin(1), rcp(1) if netgroup names are defined with capital letters. PROBLEM: (HPAQ50LK2/QAR 52404) (Patch ID: OSF440-098) ******** This patch fixes a problem with portmap by allowing RPC select() timeouts to occur when interrupted by signals. PROBLEM: (QAR 64443, QAR 64472, QAR 64473, QAR 67374) (Patch ID: OSF440-115) ******** This patch fixes and enhances the quotacheck and fsck commands. 1) Add a -t option on quotacheck so that either AdvFS or UFS type devices may be selected for -a processing. 2) fsck and quotacheck will no longer try to attempt parallel processing of partitions on the same device or filesets in the same domain. 3) unique pass numbers are now being processed in numerical order during separate passes. This applies to both fsck and quotacheck 4) If an explicit AdvFS fileset is specified (without -a option) now always perform the quota check even if there is no /etc/fstab entry with quotauser and/or quotagroup specified. 5) Skip any file systems which are not currently mounted on their mount points. 6) Skip any /etc/fstab specified file system which are not mounted on their specified mount point. 7) A quotacheck command line can not have more than 64 arguments, if it does an error will be generated. PROBLEM: (QAR 68625) (Patch ID: OSF440-094) ******** UFS file systems being checked by fsck may have conditions that cause a dirscan() to end in a segmentation fault. This patch adds a check to dirscan() that will return STOP if this condition exists.This return will be detected by fsck and the user will be queried for action to be taken. PROBLEM: (QARS 71007, 73965) ******** This patch fixes a problem in which `ufs_fsck` can get blocked while attempting to flush nfs buffers for a service that has become suspended. PROBLEM: (CLD ZUO101615, QAR 71587) (Patch ID: OSF440-223) ******** This patch fixes a problem that was causing the csh globbing function to be extremely slow when accessing file information on NFS, AFS, or VMS file systems. PROBLEM: (62211) (PATCH ID: OSF440-357) ******** This fix increases the length of the user names for rsh and rexec to allow for NT interoperabilty. PROBLEM: (TKTR30011, 78909) (PATCH ID: OSF440-388) ******** If a code segment contained a gmtime() call between calls to tzset(), or any function specified to call tzset() (such as localtime(), mktime(), strftime(), etc) , the tzname[0] array could contain erroneous time zone data referring to the "GMT" zone abbreviation instead of the local time zone, as specified in the TZ environment variable or default time zone for the system. PROBLEM: (QAR 69251) (Patch ID: OSF440-054) ******** In the latest development version (version 52), Ladebug has has begun to employ a "user thread hold" mechanism. The initial testing of this mechanism has revealed bugs in DECthreads code bases which might result in missed breakpoints and watchpoints, as well as causing application hangs. PROBLEM: (CLD HPAQ21HQ9) (Patch ID: OSF440-054) ******** Customer was encountering an invalid scheduling priority bugcheck, which appears to be caused by incorrect referencing of scheduling data structures inside DECthreads. PROBLEM: (QAR 69364) (Patch ID: OSF440-054) ******** The manager thread is being scheduled to run in response to a system event (nxm action, timer queue expiration, etc) but is not recognizing the event as the reason it was scheduled to run. The manager thread then goes back to sleep, only to wake up again in response to the still unserviced system event. An infinite loop results. PROBLEM: (QAR 70833) (Patch ID: OSF440-111) ******** DECthreads turns synchronous signals into exceptions for processing by the application program with TRY...ENTRY blocks. If no application TRY block exists, processing defaults to the DECthreads internal routine, excLastChance. Prior to this patch, excLastChance would only reset the handler for the signal if the handler was the DECthreads-installed sigRaiseException routine. Any application-installed handlers remained. This caused a problem for applications whose signal handlers attempt to pass control to previously installed signal handlers, because if the previously installed handler was sigRaiseException, an infinite loop would result. PROBLEM: (QARs 71019, 71358) (Patch ID: OSF440-111) ******** A bug in the DECthreads two-level scheduler was causing Virtual Processors (VPs) to go idle and never be scheduled to run. This resulted in one or more CPUs on SMP machines going unused by threaded applications. PROBLEM: (72100, 74961, 75971) (PATCH ID:) ******** Threaded applications which make extensive use of synchronization objects (mutexes, condition variables) may encounter performance and scaling regressions when run on an EV6 SMP machine. Customers encountering these regressions may observe negative scaling, decreased application throughput and increased CPU utilitzation, as the number of EV6 CPUs is increased. This version of DECthreads contains changes to the implementation of synchronization objects and thread scheduling around those objects to improve performance on EV6 SMP. No functional or interface changes were made. PROBLEM: (79876) (PATCH ID: OSF440-431) ******** If the "where" or "t" ladebug command does not show all the currently active functions, it may be because of this problem. The program being debugged had to have been built with "split procedures", which is done via options in the om and spike tools. For spike, split procedures are generated if profiling is specified. For om, split procedures are generated if profiling AND the -split_procedure option are specified. PROBLEM: (79556) (PATCH ID: OSF440-423) ******** This patch adds functionality to termminate the resulting string from calls to swprintf(). PROBLEM: (BCSM807S5) (PATCH ID: OSF440-479) ******** Some applications assume that initial allocations of memory from the C run-time library's malloc() function will return zero-filled memory. The problem is that malloc() and free() often write into the first 16 bytes of the allocated memory. This change to malloc() zeros out the first 16 bytes in the allocated memory. The result is that memory allocated prior to any call to free() -- and prior to any other run-time library function that might call free -- should be zero filled. PROBLEM: (SSRT0689U) (PATCH ID: OSF440-510) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (78701, 79229, 79745, 81825, 84534, 84535) (PATCH ID: OSF440-535) ******** PROBLEM: (78701) (PATCH ID: ) This patch fixes a memory leak problem for threaded applications that make use of the pthread_attr_setname_np function. PROBLEM: (79229) (PATCH ID: ) This patch fixes a problem when threaded applications use pthread_setname_np. pthread_setname_np would occasionally return an EINVAL error code. PROBLEM: (79745) (PATCH ID: ) A threaded program may loop in a pthread library internal routine, causing an undue number of PC cycles to be attributed to __krnUnlock. DCPI profiling of such an process might look similar to the following, where __krnUnlock acquires an excessive 76.7% of the CPU time: %time seconds cum % cum sec procedure (file) 76.7 1207.5858 76.7 1207.59 __krnUnlock () 1.8 27.9858 78.5 1235.57 __krnLock () 1.2 19.3380 79.7 1254.91 __dspReadyAny () 1.2 18.9423 80.9 1273.85 proc_at_0x120042740 () 1.1 17.4863 82.0 1291.34 __utlCompareSwapEqPtr () 1.0 16.2385 83.0 1307.58 __utlFetchAndStoreConditional () 0.7 10.4885 84.5 1330.51 proc_at_0x120042f30 () 0.6 9.2181 85.1 1339.72 __utlCompareSwapEqInt () 0.5 7.9820 85.6 1347.71 __dspBlkDequeue () 0.5 7.3117 86.1 1355.02 __hstSetNxmActive () 0.4 6.9619 86.5 1361.98 __krnTryLockThread () PROBLEM: (81825) (PATCH ID: ) This patch ensures that threads created by programs linked -taso run on stacks with addresses that fit in the 31-bit taso range. Prior to this patch threads created by taso programs were run on stacks with non-taso addresses, which could result in truncated address values, and segmentation faults or data corruption depending on whether the truncated address is valid. PROBLEM: (84534, 84535) (PATCH ID: ) This patch fixes a problem that might occur with threaded applications linked against older versions of DECthreads. The DECthreads internal symbol __pthreads_legacy_init_routine may show up as an unresolved symbol at load time when those applications are run on systems on which a newer version of DECthreads has been installed. PROBLEM: (SSRT1-19U) (PATCH ID: OSF440-542) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (BCGM71Z77) (PATCH ID: OSF440-495) ******** This patch fixes a bug where quotacheck -v will report that it has fixed some quotas. If you keep running the command, it will keep reporting the exact same fixes. For example: # quotacheck -v /disk26 *** Checking user and group quotas for BCGM71Z7#disk26 (/disk26) system fixed: inodes 2 -> 5 blocks 16 -> 32896 fixed: inodes 3 -> 0 blocks 32880 -> 0 # quotacheck -v /disk26 *** Checking user and group quotas for BCGM71Z7#disk26 (/disk26) system fixed: inodes 2 -> 5 blocks 16 -> 32896 fixed: inodes 3 -> 0 blocks 32880 -> 0 # quotacheck -v /disk26 *** Checking user and group quotas for BCGM71Z7#disk26 (/disk26) system fixed: inodes 2 -> 5 blocks 16 -> 32896 fixed: inodes 3 -> 0 blocks 32880 -> 0 PROBLEM: (SSRT1-26) (PATCH ID: OSF440-584) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (86382) (PATCH ID: OSF440-595) ******** This patch fixes a problem that effects threaded programs compiled with the taso option on Tru64 UNIX V4.0F. The default stack size for taso threads in DECthreads V3.16, prior to this patch, was incorrectly being set to 1Mb. With this patch, normal and taso applications on V4.0F will use the same default stack size. PROBLEM: (FR_G01704, 89108) (PATCH ID: OSF440-654) ******** This patch is to correct the problem of a rexec command hanging on a system. PROBLEM: (60651, 77772, 60651, 66106, 64050) (PATCH ID: OSF440-371) ******** This patch fixes the following problems with the mv command: - an invalid error message when attempting to move files in which the source name is the same as the destination name. The message would look something like the following: mv: rename foo to foo/fooo: Invalid argument The error message, with this patch, will now look something like the following: mv: foo and foo are identical - when using "mv -i" to rename a symlink pointing to a file on a different filesystem owned by a different user results in the prompt: Ownership of y will change. Continue? - when moving a file from one filesystem to another, the "mv" command will copy the file rather than using the rename() system call. If there are any errors writing to the destination filesystem, the destination file is unlink()'d, and "mv" returns an error to the shell. This can also result in the loss of a file. PROBLEM: (BCSM40LZ1, 79464) (PATCH ID: OSF440-474) ******** This patch corrects the problem with the mv(1) command deleting files in the directory when the user moves a directory to itself. PROBLEM: (BCSM40LZ1, 79464) (PATCH ID: OSF440-466) ******** This patch corrects the problem with the mv(1) command deleting files in the directory when the user moves a directory to itself. PROBLEM: (HPAQB1F1V) (PATCH ID: OSF440-588) ******** This patch fixes a problem in which the "mv" command will not perform a move if the inode of the file is the same as the inode of the destination directory, even though said file and directory reside on different file systems. PROBLEM: (QARs 54403,70384) (Patch ID: OSF440-021) ******** The ar command previously had a fixed limit of 50000 external symbols. If your archive had too many symbols, you received the following error message: ar: internal error: too many defined external symbols PROBLEM: (None) (Patch ID: OSF440-052) ******** This patch is required if terminal emulation does not recognize key definitions set in the corresponding terminfo file. Installation of the patch may require applications built without call_shared libraries to be recompiled, using the new versions of the static library. PROBLEM: (BCGM41N62) (Patch ID: OSF440-130) ******** This patch fixes a problem where systems could hang in the audit code preventing rlogins, or telnets into it. PROBLEM: (QAR 62163, QAR 56930, QAR 51722, QAR 41257) (Patch ID: OSF440-064) ******** This patch fixes two problems in NFS. 1) When starting/stopping nfs, nfs was not checking for NFS daemons running. a) For 'nfs start' it was starting additional daemons since they were not being check. b) For 'nfs stop' it was not checking if multiple NFS daemons were running and didn't stop all of the daemons. 2) rpc.pcnfsd was causing core dumps when receiving a SIGTERM signal. PROBLEM: (78368) (PATCH ID: OSF440-472) ******** The what command will process only the first file provided to it in a list of input files. This is true if the input is provided as a wild card or if multiple files names are explicitely provided. PROBLEM: (QAR 71600) (Patch ID: OSF440-078) ******** This patch updates the FORE ATM (lfa) driver to Revision V1.0.14. PROBLEM: (QARs 73347, 73916) (Patch ID: OSF440-198) ******** This patch updates the lfa ATM driver to V1.0.16 and fixes the following two ATM driver problems: - Filesystems mounted using NFS over an ATM connection which uses either the Compaq HE622 or HE155 ATM adapters can experience soft hangs. When this happens, a file transfer operation will not complete (typically a write from the client to the server) or an unmount operation will hang. The rest of the system is still operational. - Under certain configurations, the ATM adapter can hang. When this occurs, the ATM subsystem cannot be successfully shut down and then restarted. Following an "atmconfig down driver=lfa<#>" command, the driver and ATM stack enters an unrecoverable state where no further operations are allowed. The state remains "GOING DOWN" (as reported by the command "atmconfig status driver=lfa<#>") until the next system boot. PROBLEM: (77506, 77655) (PATCH ID: OSF440-368) ******** This patch fixes a number of problems in the driver shutdown path. All the problems would result in a kernel memory fault panic but that panic might not manifest itself until the driver was restarted. This patch also enhances the driver by making the following changes: - The deferred interrupt processing path (attribute minimal_isr set to 1) has been modified to perform much better. This method of handling interrupts is now the default. - The time between when an adapter receives a frame and when it generates an interrupt to the host system has been shortened from 768 to 100 microseconds. This reduces the receive processing latency. - The model number string which prints out when the adapter is configured will display the -UA or -FA extension, reflecting the type of media used by the adapter. PROBLEM: (ZPO038883) (PATCH ID: OSF440-349) ******** This patch fixes a problem of NetRain devices failing to come up after the "rcinet restart" command is entered. The error message displayed is "/sbin/rc3.d/S00inet: ifconfig failed - ifconfig: ioctl (SIOCIFADD): Function not implemented" PROBLEM: (QAR 72419, CLD BCSM51GL2) (Patch ID: OSF440-131) ******** This patch fixes a class_admin/class_daemon problem. When a PID had been added to a class it can not be removed from the class scheduler until the process terminates or the class_scheduler has been stopped. PROBLEM: (QAR 69990) (Patch ID: OSF440-122) ******** This patch fixes the name demangling for the tools that print symbol table names generated by the C++ v6.2 compiler. This problem will only occur for most C++ objects compiled with the ansi options. A program compiled with the new C++ compiler with the new ansi name demangling would generate a new demangled function, template, class, etc. Then using one of the dumping tools that lacks the ability to decode (demangle) this string, the output would be unreadable. #include template class C { public: void foo(); }; template class D { public: void foo(); }; main() { C<'b'> c; c.foo(); D<98> d; d.foo(); } with old stdump: Externals table: 0. (file 0) ( 0) main Proc Text symref (indexNil) 1. (file 0) ( 0) foo__19C__tm__10_XCcL_2_98Xv_v Proc Undefined indexNil 2. (file 0) ( 0) foo__19D__tm__10_XCiL_2_98Xv_v Proc Undefined indexNil 3. (file 0) ( 0) _fpdata Global Undefined indexNil with new stdump: Externals table: 0. (file 0) ( 0) main Proc Text symref (indexNil) 1. (file 0) ( 0) void C<'b'>::foo(void) Proc Undefined indexNil 2. (file 0) ( 0) void D<98>::foo(void) Proc Undefined indexNil 3. (file 0) ( 0) _fpdata Global Undefined indexNil with new stdump: Externals table: 0. (file 0) ( 0) main Proc Text symref (indexNil) 1. (file 0) ( 0) void C<'b'>::foo(void) Proc Undefined indexNil 2. (file 0) ( 0) void D<98>::foo(void) Proc Undefined indexNil 3. (file 0) ( 0) _fpdata Global Undefined indexNil PROBLEM: ('74208, 117-1-12777 of cfs.71000') (Patch ID: OSF440-199) ******** This patch fixes a problem with nm that causes a core dump when the LANG environment variable is set to something that causes nm to check the catalog file (nm.cat). To duplicate the problem for ksh users: % export LANG=en_US.ISO8859-1 % /usr/bin/nm /usr/lib/libc.a /usr/lib/libc.a[NCchrlen.o]: Memory fault(coredump) PROBLEM: (CLD SSRT0567U) (Patch ID: OSF440-014) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (SSRT0590U) (Patch ID: OSF440-109) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (BCGMC1ZNX, HPAQ80JML, BCGMA0G3H, BCGMA2191) (PATCH ID: OSF440-412) ******** This patch fixes a problem where some crontab jobs would run multiple times in the same minute. This problem was introduced by another cron patch on a previous patch kit. In fixing an earlier problem, cron was changed so that if a crontab was submitted that contained an entry for the current minute, the entry was run immediately. Previously, the entry was not run. This change in behavior caused a problem for crontab jobs which updated crontab without deleting the entry that started them. Such jobs could be run multiple times during their first minute. PROBLEM: (78912, FNO95387A, BCGM51P8N) (PATCH ID: OSF440-455) ******** This patch fixes two cron problems: 1) the cron daemon does intensive logging and fills up the disk, and 2) multiple cron daemons continue to run and consume system resources due to the fact that after a user is deleted from the system there are still jobs running on the users behalf. PROBLEM: (CLD HPAQ5131P) (Patch ID: OSF440-101) ******** PROBLEM: This patch fixes a problem in viewing a variable subrange parameter from a pascal module while using dbx. While trying to view a particular parameter type, dbx truncates the address, and gives the error "can't read from process (address 0xffff)" The following Pascal program is an example that demonstrates the problem. PROGRAM dbx_word_err(output); TYPE word = [WORD] 0..65535; VAR chn : word; PROCEDURE test(VAR chan: word); VAR blah : word; BEGIN blah := 5; chan := blah + 100; END; BEGIN test(chn); END. The following dbx session illustrates the problem: dbx dbx_work_err dbx version 3.11.10 Type 'help' for help. DBX_WORD_ERR: 20 test(chn); (dbx) stop in test [2] stop in TEST (dbx) r [2] stopped at [TEST:15 ,0x120001ccc] blah := 5; (dbx) p chan can't read from process (address 0xfd00) PROBLEM: (52718, 74111, 61261) (PATCH ID: OSF440-391) ******** Problem 1: Dbx stack trace is incomplete. In certain cases, dbx's 'where' command did not produce a complete stack trace. This was seen when debugging at the assembly level and using the 'stepi' command to step into a routine, or when there is a fault in some library routines. The following shows some instances of the problem. Stepping into a routine with stepi ('si'), Getting a stack trace ('where' or 't') Attempt to 'return' >*[main:68, 0x1200018b0] ldq r27, -32568(gp) (dbx) ni >*[main:68, 0x1200018b4] jsr r26, (r27), 0x120005e60 (dbx) si >*[_OtsMove, 0x3ff800d5e60] amask 0x1, r19 (dbx) t > 0 _OtsMove(0x3ff800d5bd0, 0x4, 0x120001850, 0x3, 0x4) [0x3ff800d5e60] (dbx) return no place to return to (dbx) up (dbx) t > 0 _OtsMove(0x3ff800d5bd0, 0x4, 0x120001850, 0x3, 0x4) [0x3ff800d5e60] Stepping into a routine until the stack is correct >*[main:68, 0x1200018cc] ldq r21, 40(r8) (dbx) ni >*[main:68, 0x1200018d0] bsr r26, recurse+0x8(line 29) (dbx) si >*[recurse:29, 0x120001638] ldq r28, -16448(sp) (dbx) t > 0 recurse(inbox = (...)) ["crashit.c":29, 0x120001638] (dbx) ni >*[recurse:29, 0x12000163c] ldq r28, -4096(sp) (dbx) ni >*[recurse:29, 0x120001640] ldq r28, -12256(sp) (dbx) ni >*[recurse:29, 0x120001644] lda sp, -16448(sp) (dbx) ni >*[recurse:29, 0x120001648] stq r26, 8144(sp) (dbx) t > 0 recurse(inbox = (...)) ["crashit.c":29, 0x120001648] (dbx) ni >*[recurse:29, 0x12000164c] stq r16, 16400(sp) (dbx) t > 0 recurse(inbox = (...)) ["crashit.c":29, 0x12000164c] 1 main(argc = 3, argv = 0x11ffffce8) ["crashit.c":68, 0x1200018d0] Problem 2: Dbx cannot set a variable after viewing a non-local variable: Dbx has several methods of looking for variables. If the variable is not found in the current routine, active procedures on the stack are searched, and then global variables are searched. When dbx searched up the stack for the variable, it failed to reset an internal pointer and the assignment to a local variable failed. main: 52 if (argc < 3) { (dbx) stop in justtryme [2] stop in justtryme (dbx) r 0 3 [2] stopped at [justtryme:21 ,0x1200015d4] deepend = levels; (dbx) n [justtryme:23 ,0x1200015d8] printf("Cpu %d going down, stack about %d levels deep\n", cpu, deepend); (dbx) p iter /* A variable local to the main routine 3 (dbx) assign deepend = 10 10 (dbx) p deepend 3 (dbx) q Problem 3: Dbx receives signal 66 on vfork: When debugging a program that executes a vfork, dbx exhibited this: dbx version 3.11.10 Type 'help' for help. main: 11 signal( SIGCHLD, handler); (dbx) r signal [signal 66] at >*[__vfork, 0x3ff800e7968] beq r19, 0x3ff800e7980 (dbx) The correct behaviour follows: main: 11 signal( SIGCHLD, handler); (dbx) r New child attached. Use switch to gain access to process 5774 child: 5774 (dbx) PROBLEM: (TKTBC0129, 74469) (PATCH ID: OSF440-565) ******** This patch fixes problems with the dbx kernel debug option when used on kernel core files from wildfire and other large memory systems. PROBLEM: (BCPM50Z88, QAR 71321) (Patch ID: OSF440-154) ******** This patch provides bug fixes to the sys_check utility and updates the sys_check to version 114. This also include providing better display analysis messages. PROBLEM: (NONE) (Patch ID: OSF440-258) ******** This patch provides the folowing changes to the sys_check utility: - fixes the ra200info tool from core dumping - include sysconf in inventory for sys_check use PROBLEM: (NONE) (Patch ID: OSF440-275) ******** This patch fixes the following two problems with the collect information tool used by the sys_check utility; - a security hole where a user can become root - collect can not start at boot time due to incorrectly handling SIGHUP signal PROBLEM: (BCGM4134M, BCPM71NXQ, BRO45678A, BCGM814ON, BCPM51JZ6, 81811, 77292, 79179, 84598, N/A) (PATCH ID: OSF440-478) ******** This patch upgrades sys_check utiility to version 119.1 and provides the following changes: - two NFS problems - fixes the ra200info tool from core dumping - utilizes Compaq Analyze when available - utilizes storages new cliscript tool in place of hsxterm - updates asu section PROBLEM: (81295, 81296, 81562, 81563) (PATCH ID: OSF440-484) ******** This patch fixes following problems with the collect command and it adds sysloging when collect suspends, resumes, or receives a signal. - Collect always returns 0 for tape status, - Collect does not display proper PID and PPID on heavily loaded system, - Collect displays warning msg when a HSG80 controller installed, - Collect does not display proper Net status on heavily used network, - Collect does not align MessageQ data properly when the ID field is large, and - Collect does not compute Usertime and Systemtime correctly for processes whose pids are recycled. PROBLEM: (85366) (PATCH ID: OSF440-563) ******** sys_check will generate spurious error messages when there is no nfs configured. PROBLEM: (BCGMA1D6Z) (PATCH ID: OSF440-528) ******** sys_check is incorrectly evaluating the number of HSG controllers connected to a system, especially in a multipath configuration on v5.0a/V5.1. Doing so causes sys_check to run considerably longer. PROBLEM: (SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF440-641) ******** A potential security vulnerability has been discovered, where under certain circumstances, users can clobber temporary files created by shell commands and utilities (e.g. under /sbin, /usr/sbin, /usr/bin, and /etc). Compaq has corrected this potential vulnerability. PROBLEM: (85209) (PATCH ID: OSF440-609) ******** This patch fixes the Collect's collector (/usr/sbin/collect) to correctly report the network interface load percentage. PROBLEM: (87037) (PATCH ID: OSF440-642) ******** This patch provides the /usr/lbin/mkstemp program which allows the mechanism to create a secure temporary file. PROBLEM: (UVO106373) (Patch ID: OSF440-007) ******** - On a DECstation 2000/300, the second com port (tty01) does not get configured. An error message "ksh: /dev/tty01: cannot create" is displayed when the tty01 port is accessed. - If communicating with a device with an extremely small receive fifo (for example, many xon/xoffs generated per "line" of data) random characters can be repeated. PROBLEM: (75293/74914) (Patch ID: OSF440-304) ******** This patch fixes serial line hang and enables halt switch on Eiger. PROBLEM: (TKTRB0985) (Patch ID: OSF440-037) ******** This patch fixes a kernel problem, where proper locking/reference count management was not being performed. This could result in a panic with the stack trace: 5 panic(s = 0xfffffc0000777888 = "lock_terminate: lock held") 6 lock_terminate 7 pgdelete 8 pgrp_unref 9 pgrm 10 proc_teardown 11 waitf 12 wait4 13 syscall 14 _Xsyscall PROBLEM: (TKTR61084) (Patch ID: OSF440-121) ******** Erroneous malloc error when attempting to create a mfs filesystem. Example: # mfs -s4194304 /mfs mfs: malloc of 18446744072635682816 bytes failed malloc: Not enough space PROBLEM: (QAR 64136) (Patch ID: OSF440-038) ******** This patch fixes a problem with the newfs command. Prior to this patch, when the newfs -N command was run on a mounted file system, it returned an error message similar to the following: newfs: /dev/rrz0c: is marked in the disklabel as in use by: 4.2BSD The command now completes succesfully and returns the correct partition information. PROBLEM: (HPAQ41J00, QAR 64037) (Patch ID: OSF440-044) ******** This patch fixes a problem where a system panic will occur when accessing an ISO9660 format CDROM when the CDROM was mounted using the command: mount -r -t cdfs -o noversion /dev/rz4c /cdrom The panic string is "Unaligned kernel space access from kernel mode". A typical stack trace of the crash is: 6 panic(s = "Unaligned kernel space access from kernel mode") 7 afault_trap 8 _XentUna 9 cdfs_isodir_to_idir 10 cdfs_readisodir_int 11 cdfs_readisodir 12 cdnodeget 13 cdfs_lookup 14 namei 15 stat1 16 stat 17 syscall 18 _Xsyscall PROBLEM: (QAR 71062, QAR 71532) (Patch ID: OSF440-087) ******** This patch fixes a problem with CDFS. Data corruption occurs when reading beyond the end of a partition. PROBLEM: (QAR 72764) (Patch ID: OSF440-167) ******** This patch fixes a problem in which system may memory fault if TCR/ASE server no longer had access to the cdrom device. PROBLEM: (HPAQ70DBD) (Patch ID: OSF440-266) ******** This patch fixes a problem where the system can panic with the panic string "secsize_resid < d_reclen" when accessing a defective cdrom. The stack trace of the panicing thread will be similar to: 0 boot 1 panic 2 cdfs_readdir 3 getdirentries 4 syscall 5 _Xsyscall PROBLEM: (78473) (PATCH ID: OSF440-445) ******** This patch fixes a problem with cdfs. Fatal errors occur when trying to load data from a cdfs cd-rom over nfs. PROBLEM: (HPAQ11RNL) (Patch ID: OSF440-004) ******** This patch fixes a panic seen when accessing the kio subsystem (such as would be done when running the consvar command) with improper arguments. The panic was caused by a kernel double-free, and would most likely be seen as a corruption within the 64 or 96 byte bucket (buckets 2 and 16). An example stack trace is: > 0 boot src/kernel/arch/alpha/machdep.c : 1890 1 panic src/kernel/bsd/subr_prf.c : 834 2 trap src/kernel/arch/alpha/trap.c : 1659 3 _XentMM src/kernel/arch/alpha/locore.s : 1645 4 k_mem_free_anon src/kernel/vm/k_mape_mem.c : 631 5 k_mem_unmap src/kernel/vm/k_mape_mem.c : 422 6 k_map_delete src/kernel/vm/vm_kmap.c : 1163 7 vm_map_remove src/kernel/vm/vm_map.c : 1698 8 kmem_free src/kernel/vm/vm_kern.c : 341 9 exec_args_free src/kernel/bsd/kern_execargs.c : 365 10 common_exec src/kernel/bsd/kern_exec.c : 762 11 execve src/kernel/bsd/kern_exec.c : 352 12 syscall src/kernel/arch/alpha/syscall_trap.c : 627 13 _Xsyscall src/kernel/arch/alpha/locore.s : 1409 PROBLEM: (BCGMC1JRS UVO106265) (Patch ID: OSF440-011) ******** This patch fixes a problem where process accounting data was not written to the accounting file when it was on an NFS-mounted file system. This problem occurred on Dataless Management Services (DMS) client systems. To correct this problem, this patch must be installed on the DMS client. It does not need to be installed on the DMS server. This corrects a "simple_lock: time limit exceeded" panic in softclock_scan(). PROBLEM: (HPAQ30BCD) (Patch ID: OSF440-012) ******** This patch fixes a kernel memory fault from socket code. The kernel memory fault results from failing to get a lock on a list of threads which have requested resources on a socket. The stack will contain: _XentMM simple_lock select_wakeup sowakeup soisconnected PROBLEM: (BRO101278) (Patch ID: OSF440-015) ******** This is to correct a problem where a signal is delivered, but not responded to by the target process. PROBLEM: (BCPMC1GPQ) (Patch ID: OSF440-003) ******** This is to fix a panic of "get_color_bucket: empty buckets" when the sysconfig attribute "private-cache-percent" is non-zero. PROBLEM: (None) (Patch ID: OSF440-061) ******** Deleted files still occupy filesystem space until the last reference on that file gets closed. PROBLEM: (QAR 65033, QAR 61856, QAR 64040, SSRT0563U, HPAQC08NV) (Patch ID: OSF440-032) ******** A potential security vulnerability has been discovered where under certain circumstances users may gain unauthorized access. Compaq has corrected this potential vulnerability. PROBLEM: (QAR 62614) (Patch ID: OSF440-033) ******** This patch fixes a problem with the mount command where it sometimes kills other processes. This randomly occurs if the file where mount stores its pid, /var/run/mountd.pid, is out-of-date. PROBLEM: (BCGM50N91) (Patch ID: OSF440-120) ******** This patch fixes a problem where process accounting data was not written to the accounting file and the following message was displayed when the accounting file was on an NFS-mounted file system: NFS3 write error 13 on host This problem occurred on Dataless Management Services (DMS) client systems. PROBLEM: (QAR 73131) (Patch ID: OSF440-123) ******** Occasionally, 3rd-party drivers fail to configure when the first device configured is not zero. Additionally, some drivers support a maximum number of devices and a constantly increasing base controller number, caused by reloads, may cause the driver maximum to be exceeded. This can also cause loadable drivers to fail to configure. A loadble driver that is loaded/configured, unloaded/unconfigured, then re-loaded/re-configured gets increasing controller number values on each re-load. Most loadable drivers prefer (or require) the controller numbers to begin at zero and increase as the number of matching devices are found on a system. PROBLEM: (QAR 72971 CLD MGO104088) (Patch ID: OSF440-128) ******** Mount falls back to V2 when a portmap call for the NFS V3 port fails. This logic is incorrect; a portmap timeout doesn't indicate a lack of V3 support. PROBLEM: (QAR 72129, QAR 73203, CLD HPAQ500L1) (Patch ID: OSF440-132) ******** This problem fixes an nfs/ufs/vm deadlock. While serving a client, the system running ASE/DT as an NFS server can hang with deadlock. PROBLEM: (QAR 72626, CLD BCPM50LZC) (Patch ID: OSF440-133) ******** This patch fixes a problem in which the system may panic with the error message "kernel memory fault". An example panic stack trace is: 0 stop_secondary_cpu 1 panic 2 event_timeout 3 xcpu_puts 4 printf 5 panic 6 trap 7 _XentMM 8 remque 9 in_pcbdetach 10 tcp_close 11 tcp_drop 12 table 13 syscall 14 _Xsyscall PROBLEM: (73146) (Patch ID: OSF440-136) ******** This patch fixes the following KZPCC Raid controller problems: - The disklabel command fails when configuring partitions with non-zero offset - The disklabel -wr command fail with error message; "unknown device type". - Driver logged errors are not reset on subsequent access attempts, thus producing erronous results. - The iostat command does not display nor report the correct information for this device type. It also can produce a "simple lock timeout" panic on a multi-processor system. - Non-generic kernels fail to recognize logical units on boot. - A custom kernel build fails to recognize multiple controllers and their associated drivers - A system hang or deadlock condition caused by the controller not returning command responses due to the lack of resources. The driver can not process responses that it receives to free up the resources. - A kernel crash during SWCC reconfiguration and rescan operations. SWCC does not receive the expected results from the addition and deletion of logical units. - The sizer -r command fails to report the correct information for this device type. - The inability to generate crash dump information on this device type. - A "kernel memory fault" system panic that can occur when system is under a certain level of stress. - A system panic when creating and deleting a high number (1000's) of logical units. - Unable to install or boot from any ri devices that are not on the first unit on the first controller. PROBLEM: (MGO104022) (Patch ID: OSF440-142) ******** This patch fixes a problem where applications using the fcntl() system calls may appear to hang. PROBLEM: (MGO09365A,BCGM41MGB) (Patch ID: OSF440-143) ******** This patch fixes "simple_lock: time limit exceeded" panics. PROBLEM: (QAR 63384) (Patch ID: OSF440-148) ******** This patch fixes a problem in which fork() is sometimes unable to optain swap space and a problem in which the restriction on core file sizes doesn't work as expected. PROBLEM: (STLB42227) (Patch ID: OSF440-152) ******** This patch fixes a problem where the system can panic with the console message, "bs_bf_htop: invalid handle\n N1 = 0". The stack trace of the panicing thread typically looks like: panic advfs_sad bs_bf_htop msfs_getattr pacl_vnperm paclaccess sp_vnaccess msfs_access msfs_lookup namei PROBLEM: (HPAQ40343, HPAQ5062G, UVO20042) (Patch ID: OSF440-155) ******** This patch fixes a problem with heavy I/O loads on UFS filesystems that can result in poor response time; the system could appear to be "paused". In many cases, the system appears to "pause" after an update had executed (a sync is occurring). PROBLEM: (CLD BCSM30WLD ,QARS 69170 70101) (Patch ID: OSF440-039) ******** This patch fixes a problem that causes system panics when thread_swappable is called with the current_thread as the target thread, when the thread is about to be swapped out. PROBLEM: (BCGM40GGH, 71213) (Patch ID: OSF440-067) ******** This patch fixes a problem where the map entry indexing scheme does not handle the case when a bucket is emptied due to several unmaps. When the last entry in a bucket is deleted, the bucket head may point to the map itself. When this happens, subsequent address space lookup and deletion will fail, resulting in the following panic: "pmap_release_page: page not found" PROBLEM: (QAR 66356) (Patch ID: OSF440-081) ******** This patch fixes a problem in which certain invalid kernel address ranges may get ignored.This can result in invalid kernel memory accesses to be left unnoticed. PROBLEM: (QARS 71524 66356) (Patch ID: OSF440-085) ******** This patch fixes a problem that causes the Tru64 UNIX Version 5.0 update install procedure to exit with core dumps and /sbin/loader failures on a system. PROBLEM: (BRO101307 & BCSM11QV2 ,QAR 70038) (Patch ID: OSF440-095) ******** This patch fixes a problem in the module core() that can cause a panic with the message: vrele: bad ref count. The stack trace may look like the following example: 0 stop_secondary_cpu() 1 panic("event_timeout: panic request") 2 event_timeout() 3 xcpu_puts() 4 printf() 5 panic("vrele: bad ref count") 6 vrele() The problem occurs if a set UID, or GID, program attempts to dump core in a directory that already contains a symbolic link with the name "core", and if the link points to a non-existent path. PROBLEM: (HPAQ50FLC, QAR 71826, QAR 71891, QAR 68458) (Patch ID: OSF440-099) ******** 1) Panic in the kernel with the following error message: simple_lock: time limit exceeded Stack trace is as follows: panic simple_lock_fault simple_lock_time_violation pmap_ssm_enter u_ssm_fault u_map_fault vm_fault ... 2) A panic occurs when booting kernel interactively and setting the memlimit. The panic error message is as follows: kernel memory fault PROBLEM: (QAR 56967) (Patch ID: OSF440-104) ******** This patch fixes a problem with kdbx in which it creates a core in the root directory when recovering from a system crash. After a system crash, and a subsequent reboot, a core file is found under the root directory, /. Using the file command (which must be run by superuser, due to the protection on /core) will show that the file was created by kdbx. PROBLEM: (None) (Patch ID: OSF440-138) ******** This patch removes a Granularity Hint Regions (a.k.a., GH Chunks) restriction which may be encountered on AlphaServer DS20 and ES40 systems running the Digital UNIX V4.0F release. This restriction can reduce performance for certain data base applications. See the Patch Summary and Release Notes document for further information. PROBLEM: (QAR 73146) (Patch ID: OSF440-164) ******** This patch fixes several system hangs/crashes that could occur when the driver finds it necessary to re-initialize the KZPCC controller. (The driver contains code to do this re-initialization in case the controller stops responding to I/O requests for any reason.) PROBLEM: (MGO104025) (Patch ID: OSF440-144) ******** This patch fixes a system hang condition. All NFS related services may deadlock. PROBLEM: (QAR 72410) (Patch ID: OSF440-158) ******** This patch fixes the database application core dumps when using truss/trace tools by remembering that COW has been setup on a shared pte and process it correctly when a subsequent write access is made to the page. PROBLEM: (QAR 70220) (Patch ID: OSF440-170) ******** Use of mmap can sometimes result in data corruption. PROBLEM: (QAR 73918) (Patch ID: OSF440-180) ******** This patch fixes a problem where AS1200 systems with more than 3 pairs of memory displays the following warning message on the console during boot: "pmap_get_align: Unaligned memory hole found... Please reset the system to clear any previous memlimit" PROBLEM: (BCPM81CNT/BCPM80N9B) (Patch ID: OSF440-182) ******** This patch fixes a kernel memory fault caused when a network application walked an inpq array. The problem occured on an ASE configuration that was running user scripts configuring the network interfaces. The stack looked like this: 0 thread_block 1 thread_preempt 2 boot 3 panic 4 trap 5 _XentMM 6 table 7 syscall 8 _Xsyscall PROBLEM: (QAR 73589) (Patch ID: OSF440-187) ******** Because of a problem involving signal delivery, multithreaded applications can exhibit very poor performance or may even hang. PROBLEM: (QAR 73885) ******** This patch fixes a problem in realtime preemption support where a thread may be suspended due to an uninterruptible sleep. Processes will hang while retaining their system resources, causing a slowdown in system throughput. PROBLEM: (QAR 74109 69359,cld alc-08485) This patch fixes a problem that could result in a incorrect scheduling of threads when they were dispatched from the idle state. Prior to this fix, when a thread was woken it was placed in the processor next_thread field as the next thread to run. If multiple threads were awoken, the first thread could be placed in the in the processor next_thread field and then could lose it's priority because the next thread to awaken could subsequently be placed in the processor next_thread field. PROBLEM: (QAR 74449) (Patch ID: OSF440-206) ******** The patch fixes a problem with virtual memory. When running the Oracle database, Oracle can not detach from a shared memory segment. PROBLEM: (QAR 74057, QAR 65727) (Patch ID: OSF440-209) ******** This patch fixes single-step support in a debugger, such as Ladebug, for instructions that trap or fault. The way single-stepping is implemented, it assumes the instruction being stepped over completes. If it traps or faults, the single step does not happen and the breakpoint(s) are left in. The image then becomes corrupted. This patch fixes all cases where an isntruction does not complete, removes the breakpoint(s) as necessary, and fixes up the exception frame. PROBLEM: ('QAR 68687') (Patch ID: OSF440-221) ******** This patch fixes an incorrect calculation for memory-usage-by-type when kmem_debug is set. This can be seen in the output of the "vmstat -M" command when a negative value is displayed for a given type. PROBLEM: (ALC-08332) (Patch ID: OSF440-227) ******** This fixes a "simple_lock: hierarchy violation" panic from sigq_abort(). PROBLEM: ('QAR 74536') (Patch ID: OSF440-256) ******** This patch fixes a system panic on multi-process systems (approximately 12 cpus) with large memory (128GB). The system can panic with panic: lock time on vm_page_free_lock PROBLEM: (QAR 74759) (Patch ID: OSF440-259) ******** This patch fixes a problem in which unmounting an NFS mounted directory can cause a user process to coredump. PROBLEM: ('QAR 73124, QAR 71118') (Patch ID: OSF440-268) ******** This patch fixes a problem where partitioned turbolasers return incorrect cpu data for cpus that are not in the partition. PROBLEM: (QAR 71139) (Patch ID: OSF440-272) ******** This patch corrects a problem that was causing degraded performance of the WAN Support for Tru64 UNIX layered product. PROBLEM: (56172) (Patch ID: OSF440-276) ******** Under certain conditions when using Asynchronous I/O, NULL pointer can be dereferenced in aio_unwire() causing an kernel memory fault panic. This fix eliminates this possibility. PROBLEM: ('QAR 74959') (Patch ID: OSF440-278) ******** This patch fixes a problem where ubc_msync() may not flush out all the pages in the requested range. PROBLEM: (BCSMA1923/75276) (Patch ID: OSF440-284) ******** This patch fixes var adm messages from truncation on larger configurations by raising the default size (4096) of 'msgbuf_size' to 8192. PROBLEM: (DEKQC0005, STLNC4615) (Patch ID: OSF440-305) ******** This patch fixes a problem where systems with the BL13 patch kit installed would run low on kernel memory after process accounting had been running for a while. PROBLEM: (QAR 69961) (Patch ID: OSF440-036) ******** This patch corrects a problem where a mount(8) command failure caused the operating system to crash. Instead, the failure will now only cause the AdvFS filesystem domain to shut down. The mount(8) command would fail when mounting an AdvFS file system because of an internal file system error. Now the file system shuts down the AdvFS file domain rather than crashing the system with a panic(). PROBLEM: (XIP100014, XIO100017) (Patch ID: OSF440-056) ******** This patch fixes a problem on systems using the AdvFS filesystem, where the system can panic with the panic string: "del_clean_mcell_list: no primary xtnt record". The stack trace will be similar to: advfs_sad del_clean_mcell_list bs_bfdmn_activate bs_bfdmn_tbl_activate fs_fset_get_info msfs_real_syscall msfs_syscall syscall _Xsyscall PROBLEM: (MGO103845, MGO103895) (Patch ID: OSF440-057) ******** This patch fixes an AdvFS Domain Panic that occurs with the following message on the console: "load_x_cache: bad status from bs_refpg of sbm" Example stack traces are as follows. Note: These are obtained from a system panic and not from the domain panic itself. 5 panic 6 advfs_sad 7 load_x_cache 8 sbm_find_space 9 alloc_from_bitmap 10 alloc_from_one_disk 11 stg_alloc_from_one_disk 12 alloc_copy_stg 13 migrate_normal 14 mig_migrate 15 bs_migrate 16 msfs_real_syscall 17 _Xsyscall PROBLEM: (HPAQC0B99) (Patch ID: OSF440-058) ******** This patch fixes a problem in AdvFS with auditing enabled. During a rmvol operation, the system can panic with a "kernel memory fault" with a stack trace that is similar to the following: > 0 boot() 1 panic(s = 0xfffffc00005b60a8 = "kernel memory fault") 2 trap() 3 _XentMM() 4 audit_rec_build() 5 audit_call() 6 msfs_audit_syscall() 7 msfs_real_syscall() 8 msfs_syscall() 9 syscall() 10 _Xsyscall() PROBLEM: (BCPM117VX, QAR 68804) (Patch ID: OSF440-059) ******** This patch fixes a problem where the "statfs" system call was reporting incorrect block usage on AdvFS filesets. As a side effect of this problem, the sendmail utility may sleep needlessly (waiting for space to become available). PROBLEM: (QAR 58502,QAR 59094,QAR 61399,QAR 67023) (Patch ID: OSF440-060) ******** This patch provides the following fixes and enhancements to AdvFS: - AdvFS volumes were not setting the default I/O byte transfer size to the preferred size reported by the disk drives. This caused I/O consolidations to be smaller than is optimal for the disks. This patch now assigns the driver's preferred I/O transfer byte size to all new AdvFS volumes created with mkfdmn and addvol. - AdvFS chvol read and write transfer size range was increased. With this patch the transfer size range is now between 16 and 3276 512-byte blocks. - The read-ahead algorithm was modified to improve performance under certain conditions. The algorithm now sanity checks the number of pages that it would attempt to prefetch and apply the following restrictions when doing its calculations: o Only read-ahead the number of pages remaining in the file. o Use a predetermined percentage of the buffer pool for use as read-ahead buffers. PROBLEM: (QAR 70283) (Patch ID: OSF440-112) ******** This patch fixes the problem where the system panics if AdvFS detects an inconsistency in the free list of mcells that is kept on a per-volume basis in an AdvFS domain. The panic string seen with this panic is "alloc_mcell: bad mcell free list". PROBLEM: (UVO106494) (Patch ID: OSF440-125) ******** This patch fixes a problem where "update" takes too long to sync mmap files when using an AdvFS file system. PROBLEM: (QARS 70619 68822 72776 72391) (Patch ID: OSF440-141) ******** This patch fixes the following two problems in AdvFS: - When a "log half full" or "log full" problem occurs, an entire system will panic. With this patch, only the AdvFS domain will panic instead of bringing down the entire system. - The erorr message "ftx_bfdmn_recovery:bad record size\n N1 = 1" is received when the wordCnt, as returned by lgr_read, is not enough to hold the ftxDoneLRT record that preceeds each log record in a log page. This caused the log page trailer to overwrite the ftxDoneLRT record in a log record. This patch now leaves enough room to write a log header at the end of a log page. PROBLEM: (CLD ALC-08618, QAR 69288) (Patch ID: OSF440-147) ******** This patch corrects a problem where a "can't clear a bit twice" panic occurs after an unanticipated system crash and an improperly handled AdvFS recovery operation. Note: Although the system will have paniced with a "can't clear a bit twice" panic message, the AdvFS file domain is often still good. On the following reboot the system will not mount the affected AdvFS domain complaining that the domain is in an "inconsistent state". To recover the domain, use dbx to set the variable AdvfsFixUpSBM to 1: dbx dbx>a AdvfsFixUpSBM = 1 dbx>quit Then use the AdvFS verify utility to check the domain. If the recovery is successful, verify will report no errors and the domain will be mountable. Please remember to set AdvfsFixUpSBM back to zero when you have finished recovering the domain. PROBLEM: (MGO104093,MGO104098,DSAT31W43, QAR 71350) (Patch ID: OSF440-082) ******** This patch corrects a problem in AdvFS which causes single-CPU systems to hang and causes multiple-CPU systems to panic with a "simple lock time limit exceeded" message specifying lock class name BfAccessTblMutex. This problem was originally reported when sys_check was being used to report on systems where there are more than 256 AdvFS filesets. The same problem could occur with any form of file access with that many filesets. PROBLEM: (MGO103900, QAR 71550) (Patch ID: OSF440-097) ******** This patch corrects a problem in AdvFS where unmounting a domain that is already in a panicked state could result in the following system panic message: log_flush_sync: pinpg error\n N1 = 5 Note: In this instance an I/O error (EIO = 5) caused the original domain panic. Stack trace: 6 advfs_sad() 7 log_flush_sync() 8 lgr_writev_ftx() 9 log_donerec_nunpin() 10 ftx_done_urdr() 11 ftx_done_n() 12 quota_deactivate() 13 msfs_unmount() Kernel Rebuild required. PROBLEM: (QAR 71271, QAR 71674) (Patch ID: OSF440-166) ******** This patch fixes a problem in AdvFS. AdvFS may skip filesystem recovery after aborted domain activation. PROBLEM: (CFS.67765,QAR 72623) (Patch ID: OSF440-174) ******** This patch corrects a kernel memory fault that occurs when entering the "mount -o dual" command. 9 _XentMM() 10 bs_bfdmn_sweep() 11 bs_bfdmn_activate() 12 bs_bfdmn_tbl_activate() 13 bs_bfset_activate_int() 14 bs_bfset_activate() 15 advfs_mountfs() PROBLEM: (QAR 74075) ******** This patch fixes a problem that may cause panics to occur when msfs_getpage() receives an error return from fs_write_add_stg() when attempting to write to an AdvFS domain that is out of disk space. PROBLEM: ('QAR 74052, QAR 73883') (Patch ID: OSF440-213) ******** This patch fixes a problem in AdvFS. A fileset is busy when attempting to unmount giving an EBUSY error even though the fileset has no open files. PROBLEM: (QAR 72949) (Patch ID: OSF440-220) ******** For ASE Disaster Tolerance systems only, a system may hung because a thread is reclaiming a vnode that is currently flushing the vnode's modified data to disk. The thread will be hung in filesystem flush synchronization. The I/O requests will not complete because ASE currently has suspended I/O processing and the thread that is blocked is an ASE process. This is a typical trace back, such as the dtwm process: (../dbx) t > 0 thread_block() ["../../../../src/kernel/kern/sched_prim.c":2352, 0xfffffc000 02bc31c] 1 thread_sleep(event = 0x0, lock = 0xfffffc00007a0780, interruptible = 0x0) ["../../../../src/kernel/kern/sched_prim.c":2002, 0xfffffc00002bbbb0] 2 _cond_wait(0x0, 0x0, 0xfffffc000040ec14, 0xfffffc00007a0780, 0xfffffc00003fa1c4) ["../../../../src/kernel/msfs/bs/ms_generic_locks.c":646, 0xfffffc000040ec10] 3 bfflush_sync(bfap = 0xffffffff80bd5110, waitLsn = struct { num = 0x4 }) ["../../../../src/kernel/msfs/bs/bs_qio.c":2541, 0xfffffc00003fa1c0] 4 bfflush(bfap = 0xffffffff80bd5110) ["../../../../src/kernel/msfs/bs/bs_qio .c":2662, 0xfffffc00003fa3c4] 5 msfs_reclaim(0x1, 0xfffffc00007414f8, 0x2, 0xfffffc0000754a10, 0x0) ["../../../../src/kernel/msfs/osf/msfs_misc.c":1967, 0xfffffc0000433f1c] 6 vclean(vp = 0xfffffc001971a600, flags = 0x4, newops = 0xfffffc0000753378) ["../../../../src/kernel/vfs/vfs_subr.c":2759, 0xfffffc00005170e0] 7 vgone(vp = 0xfffffc001971a600, ops = 0xfffffc0000753378) ["../../../../src/kernel/vfs/vfs_subr.c":2862, 0xfffffc0000517274] 8 getnewvnode(vops = 0xfffffc0000753378, vpp = 0xffffffffa1e0f670) ["../../../../src/kernel/vfs/vfs_subr.c":1901, 0xfffffc0000516148] 9 vdealloc() ["../../../../src/kernel/vfs/vfs_subr.c":1357, 0xfffffc0000515814] 10 vrele(vp = 0x112e) ["../../../../src/kernel/vfs/vfs_subr.c":2403, 0xfffffc0000516b80] 11 namei(0xfffffc001912b720, 0xffffffffa1e0f8f0, 0xffffffffa1e0f8e0, 0x0, 0xffffffffa1e0f7d8) ["../../../../src/kernel/vfs/vfs_lookup.c":829, 0xfffffc0000514590] 12 stat1(0xc98ed, 0x375c0162, 0x375c0161, 0x2bf62375c0161, 0xfffffc0000574218) ["../../../../src/kernel/vfs/vfs_syscalls.c":2942, 0xfffffc000051b00c] 13 stat(0x375c0161, 0x2bf62375c0161, 0xfffffc0000574218, 0x74, 0xfffffc0000574218) ["../../../../src/kernel/vfs/vfs_syscalls.c":2910, 0xfffffc000051af8c] 14 syscall(0x0, 0x0, 0x343df375c047c, 0x3ff803de850, 0x0) ["../../../../src/kernel/arch/alpha/syscall_trap.c":627, 0xfffffc0000574214] 15 _Xsyscall(0x8, 0x3ff800d88f8, 0x3ffc057e620, 0x1400664c0, 0x11ffff280) ["../../../../src/kernel/arch/alpha/locore.s":1500, 0xfffffc000056a954] PROBLEM: ('QAR 73644') (Patch ID: OSF440-244) ******** This patch fixes a problem with making a msfs_putpage() call. The length argument may get its upper bits truncated which will result in an incorrect length calculation. PROBLEM: ('QAR 73692, QAR 69021, QAR 74011') (Patch ID: OSF440-257) ******** This patch fixes a problem in the AdvFS system. A panic occurs with the following error message: lock_read: hierarchy violation PROBLEM: (QAR 75161) (Patch ID: OSF440-265) ******** This patch fixes a situation in which a domain that is being recovered can cause a slight Advfs memory leak. The problem can possibly result in a system panic whenever a domain is recovered via the mount command. The panic is due to a memory corruption. PROBLEM: (DJOB71733) (Patch ID: OSF440-289) ******** This patch fixes a problem where a single cpu system using AdvFS can hang in cleanup_closed_list(). PROBLEM: (MGO67225A,TKTBA0006,BCSMA1GK5,EVT79308A,STLBB3923) (Patch ID: OSF440-303) ******** This patch corrects AdvFS problems involving clone filesets. The statfs syscall (used by df) was incorrectly returning zero blocks USED for clones. The read-ahead code was incorrectly passing up opportunities to do read-ahead on clone filesets, resulting in a large performance penalty. PROBLEM: (MGO05514A, QAR 73107) (Patch ID: OSF440-168) ******** This patch corrects two problems in AdvFS property list handling: 1) Creation of property lists entries in AdvFS filesets with no available mcells will result in kernel memory fault (kmf). Abbreviated stack: 17 _XentMM() 18 msfs_pl_pin_cur() 19 msfs_pl_create_rec() 20 msfs_pl_findhead_setdata() 21 msfs_pl_set_entry() 22 msfs_setproplist_int() 23 msfs_setproplist() 24 setproplist() 25 proplist_syscall() 26 syscall() 27 _Xsyscall() 2) The get_proplist_entry function (used to disassemble the property list buffer returned by the "getproplist" system call) returned incorrect name length on property list names longer than 127 characters. PROBLEM: (MGO44815A) (Patch ID: OSF440-191) ******** This patch fixes a problem with soclose() that caused permanent looping on exit while aborting pending connections at a TCP/IP listener socket. The thread in the loop condition will typically have this stack trace: simple_unlock lock_write solock soclose soo_close closef exit PROBLEM: (QAR 72022, QAR 71836) (Patch ID: OSF440-107) ******** This patch fixes two separate problems: 1) When configuring the AlphaServer ES40, the ISA devices IDE and USB are not configured if a combo card is installed. The following error is seen during the boot process: shared_intr_add: attempt to share non-sharable interrupts, index 0xe ata_probe: handler_add failed 2) System panics with a kernel memory fault when installing on a AlphaServer DS20 A sample stack trace is listed below: 0 boot 1 panic 2 trap 3 _XentMM 4 linear_write_io_port 5 write_io_port 6 i2c_write_csr 7 i2c_reset 8 i2c_init 9 i2c_thread PROBLEM: (QAR 71921, QAR 72204, CLD INT-08869, QAR 71802, QAR 72427) (Patch ID: OSF440-159) ******** This patch fixes the following Compaq AlphaServer problems: - On the ES40 and DS20, non-fatal 680 environment machine checks are being logged as fatal/non-correctable errors. - On the DS20, a fix has been made to the handling of power supply, temperature, and fan events so that they are reported correctly. - Provides support for the Compaq AlphaServer DS20E. PROBLEM: (BCSM61PZS) (Patch ID: OSF440-253) ******** This patch allows the com1_environment variables to be stored in NVRAM. On a DS10 platform, resetting console baud rate to anything other than the rate it was running, a system panic occurs at boot. PROBLEM: (QAR 71292) (Patch ID: OSF440-088) ******** This patch fixes a problem where on systems with a Powerstorm 4D10T (ELSA Gloria Synergy) graphics board, sometimes the generic kernel (genvmunix) failed to configure the graphics driver giving the message: comet driver: could not register screen Other times, the system would crash during startup when configuring the graphics driver. PROBLEM: (QAR 71907) (Patch ID: OSF440-088) ******** This patch fixes a problem where on systems with a Powerstorm 4D10T (ELSA Gloria Synergy) graphics board, sometimes when the window system starts, the colors are incorrect. PROBLEM: (None) (Patch ID: OSF440-207) ******** This patch provides the driver support for the PCI To Ethernet/Graphics Combo Adapter (3X-DEPVD-AA) (also known as the ITI6021E Fast Ethernet NIC 3D Video Combination Adapter, InterServer Combo, or JIB). PROBLEM: ******** This patch fixes a problem where on systems with a Powerstorm 4D10T (ELSA Gloria Synergy) graphics card (SN-PBXGK-BB), the system could crash if an X11 application used cursors larger than 64x64. PROBLEM: ******** This patch fixes a problem where on systems with a Powerstorm 4D10T (ELSA Gloria Synergy) graphics card (SN-PBXGK-BB), when using 8-plane PseudoColor visuals, incorrect colors may be displayed. PROBLEM: (NONE) (Patch ID: OSF440-065) ******** Increased error detection within the driver. PROBLEM: (74484,74936,70605,71711) (Patch ID: OSF440-239) ******** This patch updates the emx Fiber Channel driver to revision 1.12, adds support for the KGPSA-CA adapter, and it also fixes several problems listed below. PROBLEM: (Qar 74484) (Patch ID: OSF440-239) ******** In an ASE environment, the driver was not appropriately restoring the link state after a LIP. This typically occurs on a cable pull scenario. When this problem occurs, all i/o through the adapter stalls and never completes. PROBLEM: (Qar 74936)(Patch ID: OSF440-239) ******** When connected to the new Pleiades II switches, the switch ports would consume target ids on the adapter's scsi bus. See the Patch Summary and Release Notes for further information. PROBLEM (QAR 70605) (Patch ID: OSF440-239) A kernel memory fault in routine emx_handle_els_request can occur with a stack trace similar to the following: 1: panic+260 2: event_timeout+236 3: xcpu_puts+76 4: printf+392 5: panic+696 6: trap+8660 7: _XentMM+84 8: emx_handle_els_request+5160 9: emx_ring_event+2216 10: emx_intr_deferred+372 11: emx_interrupt_thread+408 PROBLEM: (Qar 71711)(Patch ID: OSF440-239) ******** A switch nameserver bug was encountered that caused driver timeouts to improperly fire. This resulted in a scenario in which the system could hang at boot up, infinitely trying to probe the FC link. The last messages on the console would typically look like the following: emx0 at pci3 slot 4 KGPSA adapter: Driver Rev 1.09 : F/W Rev 2.20X2(1.12) : wwn 1000-0000-c920-a6 c8 PROBLEM: (TKTB90028, TKTBA0054) (Patch ID: OSF440-269) ******** This patch fixes a problem where on systems with a Powerstorm 4D10T (ELSA Gloria Synergy) graphics board, the graphics were not reset to console mode (the blue screen) when the halt button was pressed. PROBLEM: (73146) (PATCH ID:) ******** This patch fixes the following KZPCC Raid controller problems: - A kernel crash when newly created I2O_BS devices (via SWCC utility) were not being configured due to an inability to obtain a kernel controller structure. - The i2o_bs driver wasn't being notified as expected when the i2o bus code executed an iop reset. - ExecLCTNotify commands took longer than expected to complete. - SWCC observed that multiple devices were assigned the same dev_t value. - Observed that I/O was taking longer to complete than our expected timeout value allowed. - A kernel crash that occurs during the reset/recovery process. - An error message is displayed during boot which indicates the memory on the board cannot be configured due to no matching entry in the pci_option_data table. - Incorrect bus structs being returned by the get_bus(). The symptom being that things are not getting connected and configured as one would expect. Thus, in one instance, the boot device was no longer found. PROBLEM: (QAR 75510,75579,75788) (Patch ID: OSF440-294) ******** This patch updates the emx Fiber Channel driver to revision 1.13, correcting issues with Link initialization on the KGPSA-CA adapter. The link initialization problem had two footprints: a) If the cable is pulled from the switch, then reinserted, the switch led will flicker green, then turn amber and remain in this state until the system reboots. On the hosts, after roughly 1 minute from the time that the cable is pulled, access to the FC devices through that adapter will now fail. b) Occasionally, at boot, the following message will appear during the boot up messages: emx?: emx_linkup_timedout: link up timeout has expired All fibre channel devices attached to the link will not be visible. PROBLEM: (77583, 77156, 75510, 75579, 75788, 76179, 76295, 76513, 76795, 76796) (PATCH ID: OSF440-314) ******** This patch updates the emx Fiber Channel driver to revision 1.17, correcting issues with cascaded switches and Link initialization on the KGPSA-CA adapter. This driver revision also corrects some EMX DRIVER ERR mailbox warning messages that are occasionally seen during boot. General driver performance improvements are also contained. The cascaded switch problem would typically show itself, if present at boot, with the following message : "emxX: %s: link attach timeout has expired". The link would never initialize and devices on the adapter would not be seen. If the problem occurred post boot, devices would simply appear to be non-existent. The link initialization problem had two footprints: a) If the cable is pulled from the switch, then reinserted, the switch led will flicker green, then turn amber and remain in this state until the system reboots. On the hosts, after roughly 1 minute from the time that the cable is pulled, access to the FC devices through that adapter will now fail. b) Occasionally, at boot, the following message will appear during the boot up messages: emx?: emx_linkup_timedout: link up timeout has expired All fibre channel devices attached to the link will not be visible. The emx mailbox warning messages, appear during boot at the time of the emx adapter is probed. The warnings typically were one of the following messages: a) emx0 at pci1 slot 3 KGPSA-CA : Driver Rev 1.12 : F/W Rev 3.00(1.10) : wwn 1000-0000-c921-1863 EMX DRIVER ERR: emx0: emx_mbx_event - Unsuccessful mailbox command 0x17 - 0x17 : 0xfffd Unknown Status b) emx0 at pci1 slot 3 KGPSA-CA : Driver Rev 1.12 : F/W Rev 3.00(1.10) : wwn 1000-0000-c921-1863 EMX DRIVER ERR: emx0: emx_init_link - Send Init Link command failed (0x200 00 - 0x05 : Mailbox Command Incomplete) PROBLEM: (HPAQC032X/QAR 66952) (Patch ID: OSF440-018) ******** This patch fixes an kernel memory fault caused by a streams SMP race condition. This kernel memory fault will have stack traces that may include STREAMS components or 512 byte kmembucket corruption. PROBLEM: (QAR 69554, QAR 70444, QAR 72011, QAR 72852, QAR 73439) ******** This patch fixes the following Universal Serial Bus (USB) problems: - The USB mouse no longer functions after resetting the Xserver. - System panics may occur inerror handling after USB device fails a request. - The USB device may not deconfigure properly when unplugged from the bus. - Problems that will prevent some USB devices from being configured at boot time. - A key on a USB keyboard will continue to repeat after being unplugged. - USB keyboards may transmit the incorrect keycode for several keys. PROBLEM: (QAR 46648 QAR 70765>) (Patch ID: OSF440-073) ******** This patch fixes a system hang in which there is a large number of pending ioctl's on the streams queue. PROBLEM: ('QAR 51449, QAR 70650') (Patch ID: OSF440-219) ******** This patch fixes a panic in AdvFS which can have the following error messages: panic (cpu 1): bs_cow_pg: pin clone err -OR- panic (cpu 1): bs_cow_pg: cannot get blkMap PROBLEM: (QAR 72787) (Patch ID: OSF440-110) ******** This patch fixes a kernel memory fault caused by a mishandling of multicast addresses on the FDDI interface. The following stack represents this problem: panic afault_trap _XentUna write_io_port fta_transition_state PROBLEM: (UVO58394) (Patch ID: OSF440-116) ******** This patch fixes a problem most frequently encountered by the ppp daemon /usr/sbin/pppd, when the ppp connection is terminated. When run in debug mode, an exiting pppd will log a message of the form listed below when the error is encountered. >> May 25 12:29:17 dragon pppd[2525]: ioctl(SIOCDIFADDR): Invalid argument Successive attempts to bring the ppp interface will fail, and executing 'ifconfig -a' will show that IP addressses still configured on the ppp interface for the ppp connection that was terminated. PROBLEM: (DEKB20145, UTO101928) (Patch ID: OSF440-070) ******** This patch fixes a kernel memory fault and an SMP race condition with the AltaVista Firewall 98 server on a multi-cpu system. The stack trace will contain: _XentMM ip_outputscreen screen_getnext screen_control PROBLEM: (JHB100062/QAR 69563) (Patch ID: OSF440-071) ******** This patch fixes a problem when a default IP address and a cluster virtual IP address get interchanged after a network restart. The default interface address is used by all outgoing traffic and the alias address is only usable for the incoming packets. PROBLEM: (CLD HPAQ61WN1) (Patch ID: OSF440-216) ******** This patch fixes a problem in which the system may panic with the error message "tcp_output REXMT". An example panic stack trace is: 0 boot 1 panic 2 tcp_setpersist 3 tcp_timers 4 tcp_usrreq 5 tcp_slowtimo 6 pfslowtimo 7 pftimeout_thread PROBLEM: (CLD EVT102855, QAR 73939) (Patch ID: OSF440-196) ******** This patch fixes a problem where RCP commands issued from a Sun Solaris system to Compaq Tru64 UNIX may sometimes fail incorrectly with the error message "Connection reset by peer." PROBLEM: (QAR 73901) (Patch ID: OSF440-240) ******** This patch fixes a TCP performance problem if the TCP window scale option is turned off when using the HIPPI interface. PROBLEM: (BCGMB0J3G, HPAQB1T92, BCPMB1K80, BCPMB1RJ5, QAR 75415) (Patch ID: OSF440-270) ******** This patch fixes a system panic: "tcphdr too big". The problem is caused when the SACK option field exceeds 48 bytes and the length adjustment code, found in tcp_output(), calculates a negtive length. A typical stack trace will look as follows: panic tcp_output tcp_input ipintr netisr_thread PROBLEM: (QAR 75381) (Patch ID: OSF440-292) ******** This patch consists of changes necessary for AV firewall 98 to pass ICSA certification. PROBLEM: (HPAQ7003V QAR 73588) (Patch ID: OSF440-160) ******** This patch fixes a problem with packetfilter applications that use ip packets greater than 8k. Application using packets greater than 8k can see messages in the application or tcpdump indicating truncated ip packets with missing data. PROBLEM: (None) (Patch ID: OSF440-295) ******** This patch involves virtual mac addressing. PROBLEM: (STLN70421, TKT011847, 71131, 66643) (PATCH ID: OSF440-200) ******** This patch fixes a problem that caused AdvFS to incorrectly calculate metadata file size for files greater than 4GB. This incorrect calculation resulted in the following errors: - Reads of metadata files that are larger than 4GB incorrectly report End-of -File - Reads of files whose extent maps occur more than 4GB from the beginning of the BMT, incorrectly report End-of-File - An incorrect file size of a metadata file is returned by "ls -ls" - Incorrect output is returned by the showfile command -The verify program reports incorrect errors PROBLEM: (MGO85573B) (PATCH ID: OSF440-297) ******** This patch fixes a bug such that when 'fuser -k' is issued on a dismounted NFS mount point in which some process is running, a hang will occur. A new flag, -p, has been introduced. When the -p flag is used with the -c flag, as in 'fuser -c -p -k /mnt', the parent directories are ignored and the processes are gracefully killed. PROBLEM: (QAR 73827 QAR 71974) (PATCH ID: OSF440-302) ******** This patch fixes a problem in which an invalid error status is returned from the remove_entry system call. PROBLEM: (74926, 75142) (PATCH ID: OSF440-307) ******** This patch fixes a problem in which the interaction between mfs file systems and smoothsync causes procprod to read stale data. PROBLEM: (SQO43343A, EVT33786A, HPAQC1MDN, TKTBC0056) (PATCH ID: OSF440-309) ******** This fixes a kernel memory fault when accessing the vm_map_index hash table. An example stack trace: panic() trap() _XentMM() u_map_delete() vm_map_delete() munmap() syscall() _Xsyscall() PROBLEM: (MGO90721A) (PATCH ID: OSF440-310) ******** This patch fixes a problem with simple_lock: time limit exceeded panic seen on SMP systems with the namei.nch_lockinfo lock. A typical entry in the /var/adm/messages file would be: simple_lock: time limit exceeded pc of caller: 0xfffffc00004445d8 lock address: 0xfffffc0000eb50e8 lock info addr: 0xfffffc0000772be0 lock class name: namei.nch_lockinfo current lock state: 0x800000be00443b45 (cpu=0,pc=0xfffffc0000443b44,busy) PROBLEM: (13096) (PATCH ID: OSF440-311) ******** In the per-VP scheduling state that is shared between the kernel and the DECthreads library scheduler, the compiler generates ldq/stq pairs for a 32-bit data object that neighbors another 32-bit variable. This patch fixes the stq that causes a word tear that corrupts the per-VP floating point flag field called nxm_fp_owned. The affected data structures are defined in . PROBLEM: (74687, 74709) (PATCH ID: OSF440-312) ******** This patch fixes a problem in AdvFS. The system panics with a kernel memory fault. PROBLEM: (71207, 71531) (PATCH ID: OSF440-313) ******** This patch fixes a problem in AdvFS. A system panic occured with the following error message: panic: del_dealloc_stg(): cant ref bmt page PROBLEM: (BCPMB215Q) (PATCH ID: OSF440-317) ******** This patch fixes a kernel memory fault in VMAC code if_addnewaddr(). The fault will occur from ifconfig(8) and the stack will include: _XentMM bcmp if_addnewaddr ifioctl soo_ioctl ioctl_base ioctl syscall PROBLEM: (BCGMC0WVV) (PATCH ID: OSF440-320) ******** This This patch fixes a system hang that could last up to a few minutes with large files when performing synchronous IO requests. The fix is to split up msync() requests into manageable pieces so users can continue working. PROBLEM: (HPAQB1FTS) (PATCH ID: OSF440-322) ******** This patch fixes a system panic with panic string: "psig: catch not set" An example stack trace is as follows: panic() psig() mach_checksig() PROBLEM: (MGO84898A) (PATCH ID: OSF440-324) ******** This corrects a kernel memory fault caused by rw3vp_cache passing a bad address to _OtsZero(). An example stack trace: panic() trap() _XentMM() _OtsZero() rw3vp_cache PROBLEM: (75185, 75088, 74801) (PATCH ID: OSF440-328) ******** This patch corrects a problem in which the perrmask register on Tsunami systems can be overwritten. PROBLEM: (77157, 76777) (PATCH ID: OSF440-335) ******** This patch fixes a problem where the output of a "ps" command, the PAGEIN column reports 0 for all processes. After installing this patch, the ps PAGEIN value increases as advfs accesses the disk for vm accesses (but not for normal file read). PROBLEM: (76461, 75539) (PATCH ID: OSF440-337) ******** This patch fixes a problem in which an application can hang because of an undelivered signal. PROBLEM: (73321, 73943) (PATCH ID: OSF440-340) ******** This patch fixes a problem in Advfs. A panic occurs with the following error message: lock_read: hierarchy violation Two relevant stack traces are listed below: Stack Trace #1 1 panic() 2 thread_block() 3 thread_preempt() 4 boot() 5 panic() 6 cpu_ip_intr() 7 _XentInt() 8 simple_lock() 9 sq_wrapper() 10 csq_lateral() 11 runq_run() 12 netisr_thread() Stack Trace #2 1 panic() 2 event_timeout() 3 xcpu_puts() 4 printf() 5 panic() 6 lock_fault() 7 lock_read() 8 x_load_inmem_xtnt_map() 9 page_is_mapped() 10 bs_pinpg_one_int() 11 bs_pinpg_clone() 12 bs_pinpg_ftx() 13 rbf_pinpg() 14 alloc_mcell_undo() 16 ftx_fail() 17 stg_add_stg_no_cow() 18 stg_add_stg() 19 bmt_extend() 20 alloc_mcell() 21 bmt_alloc_prim_mcell() 22 new_mcell() 23 rbf_int_create() 24 rbf_create() 25 fs_create_file() 26 msfs_create() 27 vn_open() 28 copen() 29 open() 30 syscall() 31 _Xsyscall() PROBLEM: (QCAPUN003) (PATCH ID: OSF440-341) ******** This patch fixes a problem where the system appears to hang. A child process is holding a lock too long and preventing other processes from doing work. The child process is waiting to be re-parented as its parent is winding down. No new processes can be created, although certain existing processes will still continue to function. A forced crash will reveal several processes waiting for the pgrphash lock. The pgrphash lock will be held by a child process waiting for its parent to die which is being held up by an external event. A sample stack trace for the child process holding the pgrphash lock 0 thread_block 1 get_parent 2 fixjobc 3 pgmv 4 setpgrp1 5 setpgid 6 syscall 7 _Xsyscall PROBLEM: (BCGM10RFF, 77112) (PATCH ID: OSF440-342) ******** This patch fixes a problem where if the size of a message queue was increased, writers to the queue that were blocked would not wake up for processing. The msgctl(2) and msgsnd(2) system calls now test if the message queue size has increased and if there are writers waiting to get unblocked, then wakeup the writers and let them proceed. PROBLEM: (77713) (PATCH ID: OSF440-346) ******** This patch fixes a problem in which the POSIX interval timer is not resilent to clock slowdown cause either by NTP or by a backwards change of the clock. PROBLEM: (BCGM11QN6) (PATCH ID: OSF440-347) ******** This patch fixes a system panic on a large system configuration. The system will panic with the following panic string: "simple lock time limit exceeded" and is only seen under heavy load. PROBLEM: (HPAQ10DTH, UVO55282) (PATCH ID: OSF440-348) ******** This patch provides the latest driver for the PowerStorm 4D10T (ELSA GLoria Synergy, SN-PBXGK-BB) graphics card and the latest graphics driver for the PCI To Ethernet/Graphics Combo Adapter (3X-DEPVD-AA). This version of the driver fixes a problem where the card might fail to operate correctly after a reboot and also fixes a minor problem in the cursor hotspot validation code. PROBLEM: (71353, 73768) (PATCH ID: OSF440-352) ******** This patch fixes a problem in AdvFS where putpage_lk/pg_busy deadlock causes hangs in the system. The stack traces are listed below: 0 thread_block 1 ubc_invalidate 2 bs_real_invalidate_pages 3 stg_remove_stg_start 4 bf_setup_truncation 5 msfs_setattr 6 vtruncate 7 ftruncate 8 syscall 9 _Xsyscall 0 thread_block 1 lock_wait 2 lock_read 3 msfs_putpage 4 ubc_memory_purge 5 vm_pageout PROBLEM: (75800, 77023) (PATCH ID: OSF440-353) ******** The patch fixes several panics on systems with holes in memory. The error messages are listed below: 1) panic: put_free_ptepage: invalid pvh state 2) panic: kernel memory fault trap: invalid memory read access from kernel mode Stack trace is listed below: 0 stop_secondary_cpu() [585, 0xfffffc00004ad350] 1 panic() [751, 0xfffffc0000285154] 2 event_timeout() [1159, 0xfffffc00004ae190] 3 xcpu_puts() [895, 0xfffffc000028543c] 4 printf() [423, 0xfffffc00002845e0] 5 panic() [804, 0xfffffc00002852b8] 6 trap() [1707, 0xfffffc00004c3cc8] 7 _XentMM() [1678, 0xfffffc00004b8a18] 8 simple_lock() [1022, 0xfffffc00004bb220] 9 pmap_enter() [1394, 0xfffffc00004db444] 10 u_dev_fault() [348, 0xfffffc0000481ac0] 11 u_map_fault() [560, 0xfffffc000049a6e0] 12 vm_fault() [134, 0xfffffc000048c620] 13 trap() [1726, 0xfffffc00004c3018] 14 _XentMM() [1678, 0xfffffc00004b8a18] 3) panic: not wired simple_lock: hierarchy violation Stack trace is listed below: 1 panic() 2 event_timeout() 3 xcpu_puts() 4 printf() 5 panic() 6 pmap_lw_unwire_new() 7 lw_unwire_new() 8 vm_map_pageable() 9 physio() 10 physiock() 11 volread() 12 spec_read() 13 msfsspec_read() 14 vn_pread() 15 prwuio() PROBLEM: (UVO74098) (PATCH ID: OSF440-360) ******** This patch adds a fix to VMAC functionality when used with NETrain. PROBLEM: (EVT91336A) (PATCH ID: OSF440-361) ******** This patch fixes a problem where the following can occur during a system panic: - system calls interrupts - mpsleep() returns an EINTR error when the panicstr is non-NULL - an indefinite looping at a very high priority PROBLEM: (FNO86520A) (PATCH ID: OSF440-362) ******** This patch fixes the problem of user/group quota underflow messages from appearing on the console. It also fixes the problem of inconsistent AdvFS quotas found when comparing vrepquota and vquota. An example of a console message that can be seen is: vmunix: chk_bf_quota: group quota underflow vmunix: chk_bf_quota: user quota underflow PROBLEM: (72111, 74264) (PATCH ID: OSF440-363) ******** This patch fixes a problem with verify. When verify is run on a brand new domain, nfs warnings are displayed even though no nfs related activity is being done. PROBLEM: (HPAQ20N23) (PATCH ID: OSF440-367) ******** This patch corrects a problem with the incorrect ordering of network interfaces which was resulting in network partitions. PROBLEM: (TKTR90018) (PATCH ID: OSF440-372) ******** This patch fixes a "lock_terminate: lock held" panic when deleting a process group. An example stack trace: panic("lock_terminate: lock held") lock_terminate() pgdelete() pgrp_unref() pgrm() proc_teardown() waitf() wait4() syscall() _Xsyscall() PROBLEM: (HPAQ20V27) (PATCH ID: OSF440-373) ******** This fixes an "unaligned kernel space access from kernel mode" panic when doing a malloc from kmembucket[26], 896 byte bucket. The faulting virtual address will be the lock signature for thread_deallocate(). PROBLEM: (BRO96818B) (PATCH ID: OSF440-374) ******** This fixes a kernel memory fault in u_anon_faultpage() when it access the backing object for the anonymous page. An example stack trace: panic() trap() _XentMM() u_anon_faultpage() u_anon_fault() u_map_fault() vm_fault() trap() _XentMM() PROBLEM: (74651, 75705) (PATCH ID: OSF440-379) ******** This patch fixes a problem where a root user was not allowed to check file access on behalf of a user without completely becoming the user. The functionality is needed by the ASU (Advanced Server for UNIX) product. PROBLEM: (HPAQ30SQ8) (PATCH ID: OSF440-380) ******** This patch fixes a panic in in_pcbfree() when ASE fails over NFS applications that use listener sockets. The stack trace will look like the following: panic in_pcbfree tcp_input ipintr netisr_thread PROBLEM: (75767, 76029) (PATCH ID: OSF440-382) ******** This patch fixes a file system panic which has the following error message: syscall: complex lock owned the stack trace is listed below: 5 panic() 6 syscall() 7 _Xsyscall() PROBLEM: (76352, 76676) (PATCH ID: OSF440-383) ******** This patch fixes an AdvFS problem which caused the system to crash with a kernel memory fault. The stack trace is listed below: 8 panic() 9 trap() 10 _XentMM() 11 msfs_real_syscall() 12 msfs_syscall() 13 syscall() 14 _Xsyscall() PROBLEM: (58325) (PATCH ID: OSF440-393) ******** This patch fixes UFS metadata update performance by adding a mount option, "delayed", for UFS to convert synchronous metadata writes into delayed metadata writes. The File System is often used as a cache for transitory data such as in web servers. Applications such as Squid web proxy server will get a significant performance boost by enabling this option. Restoring from tape is another application that can be benefitted from this. PROBLEM: (ISO100518) (PATCH ID: OSF440-394) ******** This patch fixes a kernel memory fault panic seen under certain circumstances when a process or thread was setting its priority. A typical stack trace would be: > 0 boot src/kernel/arch/alpha/machdep.c : 1890 1 panic src/kernel/bsd/subr_prf.c : 834 2 trap src/kernel/arch/alpha/trap.c : 1659 3 _XentMM src/kernel/arch/alpha/locore.s : 1645 4 nxm_manager_boost src/kernel/kern/syscall_subr.c : 2503 5 trap src/kernel/arch/alpha/trap.c : 2132 6 _Xsyscall src/kernel/arch/alpha/locore.s : 1537 PROBLEM: (TKTR30001) (PATCH ID: OSF440-397) ******** This patch fixes a race condition in the UBC code where a lookup is done on a page being invalidated (freed). The lookup continued to access the data structure after it was freed, and depending on who uses the data structure next, this causes the lookup to think that the invalidation did not complete and wait. PROBLEM: (HPAQA20BT) (PATCH ID: OSF440-398) ******** This patch fixes a problem found to be a race condition involving signals and threads that happens only on multiprocessor systems. A typical stack trace could be: 5 stop_secondary_cpu 6 panic 7 event_timeout 8 simple_lock_miss 9 common_exec 10 execve 11 syscall PROBLEM: (75494, 75997) (PATCH ID: OSF440-405) ******** This patch fixes a problem with a kernel memory fault in AdvFS. The stack trace is listed below: 5 panic() 6 trap() 7 _XentMM() 8 bmtr_scan_mcells() 9 bmtr_get_rec_n_lk() 10 bf_get_l() 11 bf_get() 12 msfs_lookup() 13 namei() 14 vn_open() 15 copen() 16 open() 17 syscall() 18 _Xsyscall() PROBLEM: (TKTBC0035, 78015) (PATCH ID: OSF440-407) ******** This patch fixes a problem where the operating system only looks in slot 0 for the primary CPU when in console mode. This can be seen when examining the binary.errlog with the DECevent utility. On a EV6 CPU system, DECevent displays the text in an incorrect format that translates to an EV5 CPU. PROBLEM: (79084, n/a) (PATCH ID: OSF440-414) ******** 1) When booting a system, that has a KZPCC controller, with lockmode set to 4 you will receive the following panic: simple_lock: minimum spl violation pc of caller: 0xfffffc000064759c lock address: 0xfffffc00008f05f0 lock info addr: 0xfffffc0000a7fb40 lock class name: mpqueue_head.lock current spl level: 0 required spl level: 5 panic (cpu 0): simple_lock: minimum spl violation 2) When rebooting an EV67 platform that has a KZPCC controller you will encounter the following messages in the boot messages: pci2000 at pci0 slot 17 I2O device timed-out exiting INIT _state, entering RESET state i2o0 at pci2000 slot 4 At this point no devices attached to the KZPCC controller will be seen. PROBLEM: (76155, 76156, 77967) (PATCH ID: OSF440-415) ******** This patch fixes a kernel memory fault caused by either one of the following conditions: 1. On EV6 platforms, when the debugger is used to view the OT_DEVMAP object mapping memory in I/O space that is mapped to a user process. 2. When routine pmap_coproc_exit_notify() modifies the pmaps' coproc_tbi function to be 0, a null pointer, while it is being checked by routine pmap_remove_all() PROBLEM: (74277, 74545) (PATCH ID: OSF440-417) ******** This patch fixes a problem in which operations on NFS files can hang indefinately. PROBLEM: (77530) (PATCH ID: OSF440-419) ******** This patch updates the emx Fiber Channel driver to revision 1.21 which corrects a Data Error that is seen when running with the latest Emulex firmware. This error corrupts data when reading from the disk. PROBLEM: (QAR 73151) (Patch ID: OSF440-250) ******** This patch fixes a problem in which invalid references to PCI related information in sysconfigtab can prevent the system from booting. PROBLEM: (76645, 75539) (PATCH ID: OSF440-331) ******** This patch fixes a problem in which a PCI bridge-based boot device may fail to configure on large IO systems. PROBLEM: (79542) (PATCH ID: OSF440-418) ******** This patch fixes a problem where genvmunix does not boot on a system with an Atalla AXL200 card installed. PROBLEM: (73025, KAOQ41936, 75529, 77885) (PATCH ID: OSF440-364) ******** This patch fixes several problems specific to AlphaServer 1200 and AlphaServer 4100 systems. 1) the user.log file has the following message: redundant power supply failure 2) the messages file has the following intermittent messages: ERROR: i2c_read_temp: enviromental monitoring error; ERROR: i2c_read_fail_reg: enviromental monitoring error; ERROR: i2c_read_func_reg: enviromental monitoring error; 3) systems were shutting themselves down displaying the following message: System has reached a high temperature condition. Possible problem source: Clogged air filter or high ambient room temperature. PROBLEM: (78499, 77888) (PATCH ID: OSF440-408) ******** This patch is a modification to pci resource management to allow support behind pci bridges for the AXL200 card. PROBLEM: (QAR 72415) (Patch ID: OSF440-135) ******** This patch fixes a system hang problem due to a bug in the nfs write gathering code. The code does not fully synch all writes. PROBLEM: (QARS 72799 73173,CLD HPAQ61LX8) (Patch ID: OSF440-140) ******** This patch fixes a problem where applications on V4.0F systems can hang, looping in readdirplus(). PROBLEM: (QAR 74292 QAR 72843) (Patch ID: OSF440-225) ******** This patch corrects a timing problem that can occur when a TCP NFS connection is reset. The system crashes with the following stack trace: panic("kernel memory fault") trap _XentMM m_free nfs_tcp_manager nfs_svc nfssvc syscall PROBLEM: (QAR 74776 QAR 75082 FNO81417A HPAQA1JQR) (Patch ID: OSF440-263) ******** This patch is an upgrade to the Gigabit ethernet driver version 1.0.12 to fix various performance problems. PROBLEM: (EVT19938A, MGO53352A, TKTB30013, 79783, BCSM50XTD, BCSM511NN, BCSM51BGL) (PATCH ID: OSF440-434) ******** This patch fixes problems seen in the relocation of NFS services when clients have at least one of the filesystems mounted over TCP. The symptom is that at least one of the filesystems will fail to unmount when the failover is attempted. When analysis of that system is completed, at least one of the nfs_tcp_threads will be hung in rrok3free(). The stack trace will look similar to this: 0 thread_block() 1 mpsleep() 2 rrok3free() 3 svcktcp_reply() 4 svc_sendreply() 5 rfs_sendreply() 6 rfs_dispatch() 7 nfs_rpc_recv() 8 nfs_tcp_thread () PROBLEM: (MGO45830B) (PATCH ID: OSF440-424) ******** System spends excessive time in the internet checksum routine due to an invalid message length. Performance is degraded significantly. PROBLEM: (67762, 74793, HPAQ112FQ) (PATCH ID: OSF440-436) ******** This patch fixes reply values for NFS writes which were causing protocol violations. PROBLEM: (CLD BCGM60T9M QAR 74458) (Patch ID: OSF440-229) ******** This patch fixes a problem of the fverify -n flag creating directores. PROBLEM: (73942, 72418, 78280) (PATCH ID: OSF440-457) ******** This patch fixes a problem in AdvFS in which a system that had already domain panic'ed results in a system panic. PROBLEM: (none) (PATCH ID: OSF440-480) ******** This patch provides support for the DEGPA-TA (1000BaseT) Gigabit Ethernet device. PROBLEM: (78838) (PATCH ID: OSF440-458) ******** The problem caused an incorrect bcache size to be returned to the kernel from the HWRPB. This problem occurred on Professional Workstation 900 and 1000 systems and AlphaServer DS10, DS20, DS20E, ES40, GS80, GS160, and GS320 systems. PROBLEM: (74210, 74577) (PATCH ID: OSF440-447) ******** This patch fixes an AdvFS kernel memory fault caused by a race condition between migrate and chfile -L in bfflush_start. The stack trace is listed below: 5 panic("kernel memory fault") 6 trap() 7 _XentMM() 8 bfflush_start() 9 bs_bf_flush_nowait() 10 cp_copy_page_range() 11 migrate_normal() 12 mig_migrate() 13 bs_migrate() 14 msfs_syscall_op_migrate() 15 msfs_real_syscall() 16 msfs_syscall() 17 syscall() 18 _Xsyscall() PROBLEM: (none) (PATCH ID: OSF440-483) ******** This patch provides the device driver support for 3DLabs Oxygen VX1 graphics adapter. PROBLEM: (77638, 78380) (PATCH ID: OSF440-450) ******** This patch fixes a panic in the UFS filesystem which has the following error message: blkfree: freeing free block The stack trace is listed below: 1 panic() 2 event_timeout() 3 xcpu_puts() 4 printf() 5 panic() 6 blkfree() 7 indirtrunc() 8 itrunc() 9 ufs_setattr() 10 vn_open_ftrunc() 11 vn_open() 12 copen() 13 open() 14 syscall() 15 _Xsyscall() PROBLEM: (BCPM804R1, BCPM804KJ) (PATCH ID: OSF440-481) ******** This patch provides support for the DE600/DE602 10/100 Ethernet adapters and fixes the following problems: - a machine check that may occur shortly after boot or when receiving large amounts of data, - the primary CPU may appear hung on networks where switches send "Flow Control Pause" frames if they become overloaded, and - transmit timeout messages appearing in the console log due to the driver timing out a frame. PROBLEM: (BCSM412FX) (PATCH ID: OSF440-435) ******** This patch fixes a panic in in_pcbfree() when NFS is implemented over TCP. If an NFS server stops servicing requests to clients and the server is rebooted to clear the NFS problem, the clients panic in in_pcbfree(). A typical client stack trace is: panic in_pcbfree tcp_input ipintr PROBLEM: (77274, 78605) (PATCH ID: OSF440-454) ******** This patch fixes a problem with AdvFS. An AdvFS domain becomes inaccessible when using the mount -d option. PROBLEM: (76332) (PATCH ID: OSF440-427) ******** This patch corrects a kernel problem which causes ping(8) to hang using the -d flag. PROBLEM: (73864, 74625) (PATCH ID: OSF440-456) ******** This patch fixes a problem with AdvFS in which a hang occurs due to a deadlock between bsbuf.state and bmt extent map lock. PROBLEM: (75266, 74605) (PATCH ID: OSF440-477) ******** This patch fixes a problem in AdvFS. The following error messages can occur: panic: simple_lock: uninitialized lock -or- kernel memory fault: simple_lock: minimum spl violation Stack trace is listed below for the panic: 0 boot src/kernel/arch/alpha/machdep.c : 1985 1 panic src/kernel/bsd/subr_prf.c : 755 2 lock_fault src/kernel/kern/lock.c : 2328 3 lock_write src/kernel/kern/lock.c : 627 4 ubc_bufalloc src/kernel/vfs/vfs_ubc.c : 1417 5 ufs_rwblk src/kernel/ufs/ufs_vnops.c : 4872 6 ufs_writepages src/kernel/ufs/ufs_vnops.c : 5873 7 ufs_putpage src/kernel/ufs/ufs_vnops.c : 5700 8 ubc_flush_dirty src/kernel/vfs/vfs_ubc.c : 3287 9 mntflushbuf src/kernel/vfs/vfs_bio.c : 1537 10 boot src/kernel/arch/alpha/machdep.c : 1914 11 panic src/kernel/bsd/subr_prf.c : 842 12 simple_lock_fault src/kernel/kern/lock.c : 2393 13 simple_lock_valid_violation src/kernel/kern/lock.c : 2412 14 grab_bsacc src/kernel/msfs/bs/bs_access.c : 3499 15 rbf_access_one_int src/kernel/msfs/bs/bs_access.c : 2619 16 rbf_access_int src/kernel/msfs/bs/bs_access.c : 2497 17 rbf_vfs_access src/kernel/msfs/bs/bs_access.c : 2369 18 bf_get_l src/kernel/msfs/osf/msfs_misc.c : 1303 19 msfs_lookup src/kernel/msfs/osf/msfs_lookup.c : 866 20 namei src/kernel/vfs/vfs_lookup.c : 592 21 vn_open src/kernel/vfs/vfs_vnops.c : 600 The stack trace is listed below for the kernel memory fault: 0 boot src/kernel/arch/alpha/machdep.c : 1985 1 panic src/kernel/bsd/subr_prf.c : 755 2 lock_fault src/kernel/kern/lock.c : 2328 3 lock_write src/kernel/kern/lock.c : 627 4 ubc_bufalloc src/kernel/vfs/vfs_ubc.c : 1417 5 ufs_rwblk src/kernel/ufs/ufs_vnops.c : 4872 6 ufs_writepages src/kernel/ufs/ufs_vnops.c : 5898 7 ufs_putpage src/kernel/ufs/ufs_vnops.c : 5700 8 ubc_flush_dirty src/kernel/vfs/vfs_ubc.c : 3287 9 mntflushbuf src/kernel/vfs/vfs_bio.c : 1537 10 boot src/kernel/arch/alpha/machdep.c : 1914 11 panic src/kernel/bsd/subr_prf.c : 842 12 trap src/kernel/arch/alpha/trap.c : 1753 13 _XentMM src/kernel/arch/alpha/locore.s : 1736 14 prf src/kernel/bsd/subr_prf.c : 1101 15 printf src/kernel/bsd/subr_prf.c : 405 16 simple_lock_fault src/kernel/kern/lock.c : 2362 17 simple_lock_minspl_violation src/kernel/kern/lock.c : 2426 18 grab_bsacc src/kernel/msfs/bs/bs_access.c : 3499 19 rbf_access_one_int src/kernel/msfs/bs/bs_access.c : 2619 20 rbf_access_int src/kernel/msfs/bs/bs_access.c : 2497 21 rbf_vfs_access src/kernel/msfs/bs/bs_access.c : 2369 22 bf_get_l src/kernel/msfs/osf/msfs_misc.c : 1303 23 msfs_lookup src/kernel/msfs/osf/msfs_lookup.c : 866 24 namei src/kernel/vfs/vfs_lookup.c : 592 25 vn_open src/kernel/vfs/vfs_vnops.c : 600 PROBLEM: (UVO04205, 73635) (PATCH ID: OSF440-449) ******** This patch corrects a problem when a network interface is configured using a CIDR bitmask and lies in a certain address range; it could be unreachable by users on the local system and remote systems that choose not to use the routing table, but simply transmit on an interface. PROBLEM: (BCSM702LV, MGO59344E, MGO75812A) (PATCH ID: OSF440-471) ******** There is a potential for a system panic in routine sbflush() if there is an attempt to flush a socket buffer while it is locked by another thread. This patch corrects the problem. PROBLEM: (73035, 75406, 74962) (PATCH ID: OSF440-442) ******** This patch fixes a problem with AdvFS where all processes are waiting for buffers causing the system to hang. PROBLEM: (79937, 79251, 79305, 80263) (PATCH ID: OSF440-482) ******** This patch fixes a hang or simple_lock_state_violation/simple_lock_fault panic in biodone. This patch places mount throttle fields under the new mount_throttle_lock (locking requirements described in mount.h). These fields previously were under the mount lock. The problem is that it was possible for the mount lock to be held in a context which could be interrupted by a higher priority event, such as biodone, which could also require this lock. The solution is to protect these fields under a different lock and spl. The key pieces of the stack trace for this problem are: biodone() -- wants mount lock ... ... -- interrupt service routines ... _XentInt() -- interrupt ... vfs_unbusy() -- some routine which takes the mount lock (vfs_unbusy is not unique here) PROBLEM: (71455, 72062) (PATCH ID: OSF440-446) ******** This patch fixes a panic in AdvFS that has the following error message: ftx_fail_2: dirty page not allowed PROBLEM: (73112, 78765) (PATCH ID: OSF440-465) ******** This patch fixes two panics that has the following error messages: simple_lock: time limit exceeded -and- simple_lock: lock already owned by cpu Sample stack traces are listed below: Stack trace #1 simple_lock: time limit exceeded pc of caller: 0xffffffff000adf44 lock address: 0xfffffc001879ca80 lock info addr: 0xfffffc0001404cd0 lock class name: task.lock current lock state: 0xd00000bd000ac4cd panic (cpu 0): simple_lock: time limit exceeded syncing disks... done Stack trace #2 12 panic("simple_lock: lock already owned by cpu") 13 simple_lock_fault() 14 simple_lock_state_violation() 15 thread_deallocate() 16 task_swapout() 17 task_swapout_thread() PROBLEM: (78020, 78520) (PATCH ID: OSF440-469) ******** This patch fixes a problem in AdvFS where user data may be lost when a clone file is migrated. PROBLEM: (GOZ100546, GOZ100949, QAR 51038, QAR 64034) (Patch ID: OSF440-063) ******** This patch fixes a problem where NFS does not update mtime and atime for special files and named pipes. PROBLEM: (BCPM9124T) (Patch ID: OSF440-063) ******** This patch fixes a problem that can cause an NFS client application to hang, or causes a "lock already owned by thread" panic when lockmode=4. The problem occurs when the application tries to rename a sub-directory to its parent. A stack trace of a hung NFS client application, or the panicing process, may look like: 0 thread_block() 1 lock_write() 0 thread_block() 1 lock_write() 2 nfs3_rename() 3 rename() 4 syscall() 5 _Xsyscall() PROBLEM: (QAR 66747) (Patch ID: OSF440-063) ******** A potential security vulnerability has been discovered, where under certain circumstances system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (CLD HPAQ200SX, MCPM415SF, HPAQ914NT QAR 45528) (Patch ID: OSF440-063) ******** This patch corrects an NFS client problem where a KMF panic can result from incorrect locking. A typical stack trace would be: 0 boot() ["../../../../src/kernel/arch/alpha/machdep.c":1889 1 panic(s = 0xfffffc00005fcf68 = "kernel memory fault") 2 trap 3 _XentMM 4 atomic_decl 5 clntktcp_freesock 6 clfree 7 rfscall 8 rfs3call 9 nfs3_getattr_otw 10 nfs3getattr 11 nfs3_getattr . . PROBLEM: (CLD BCGM40VQ6, MGO104026, QAR 51061) (Patch ID: OSF440-063) ******** This patch fixes a problem where an NFS client process may hang in the uninterruptable state. Specifically, compilation builds may hang during the ld phase (linking). PROBLEM: (QAR 70269, 70640) (Patch ID: OSF440-075) ******** This patch fixes a restart detection problem with the proplistd daemon. Prior to this fix, when mounting a relocated ASE NFS service with property lists, clients did not detect that the proplistd RPC port number had changed. Clients continued to use the proplistd RPC port number of the old ASE cluster member. PROBLEM: (MGO59344C, 80674) (PATCH ID: OSF440-476) ******** This patch is to prevent a hang that can occur using NFS over TCP. Many NFS TCP server threads will be blocked for several minutes and their stack trace will look like the following: 0 thread_block 1 mpsleep 2 sosleep 3 sosbwait 4 sosend 5 xdrrecmbuf_send 6 svcktcp_reply 7 svc_sendreply 8 rfs_sendreply 9 rfs_dispatch 10 nfs_rpc_recv 11 nfs_tcp_thread This problem is a race condition and will only be seen on SMP systems. PROBLEM: (83662, 83714) (PATCH ID: OSF440-534) ******** The receiver on the DE60x will hang. Packets can be sent from the interface but are never received. "netstat -s -i" will typically show a high number of data overruns for the affected interface. Running "ifconfig down" followed by "ifconfig up" will restart the receiver, as will rebooting. lan_config behavior was not as expected with previous versions of the DE60x driver. There are two options to lan_config, -s (speed) and -x (mode). "lan_config -s100" would revert the mode to half-duplex, since "-x" was omitted. Conversely, "lan_config -x1" would revert the speed to 10, since "-s" was omitted. A workaround is to always specify "-s" and "-x" on the lan_config command-line. PROBLEM: (GOZ96332B) (PATCH ID: OSF440-578) ******** This patch fixes a problem when using multiple subnets on a netowrk interface; APR request packets sent by the system will contain the IP alias address in the sender field when that alias is in the same subnet as the requested IP address. PROBLEM: (GOZ03925B) (PATCH ID: OSF440-579) ******** This patch fixes a problem when using an IP alias address on a network interface. Applications making IOCTL calls (such as SIOGIFNETMASK and SIOCGIFBRADDR) accessing the IP alias address will now return the correct values for the alias instead of the primary address. PROBLEM: (STL069451) (PATCH ID: OSF440-514) ******** This patch corrects a problem in which a single application's creating and removing of files repeatedly in the absence of other applications working on the same fileset can cause poor 'update' daemon performance due to a flawed kernel hashing algorithm. PROBLEM: (BCGM805NL) (PATCH ID: OSF440-559) ******** These changes address panics which can occur if a signal is sent to a multi-threaded task in which one or more threads are calling exit() or exec(). The panic is invariably a kernel memory fault whose faulting virtual address is usually 0x50. The following panic message is typical: trap: invalid memory read access from kernel mode faulting virtual address: 0x0000000000000050 pc of faulting instruction: 0xfffffc0000283bc0 ra contents at time of fault: 0xfffffc0000283bb4 sp contents at time of fault: 0xfffffe0450d77360 An example stack trace: 0 thread_block 1 thread_preempt 2 boot 3 panic 4 trap 5 _XentMM 6 thread_signal_wakeup 7 psignal_internal 8 kill 9 syscall 10 _Xsyscall PROBLEM: (83661, 85312, STL111443) (PATCH ID: OSF440-554) ******** This patch fixes a problem where the setgid bit of a directory was not being set when created, if its parent directory has the setgid bit set. PROBLEM: (MGO02694A) (PATCH ID: OSF440-550) ******** This patch fixes hangs in AdvFS fileset operations such as clone creation and deletion when I/O errors or device full conditions resulted in the operation being "undone". PROBLEM: (GOZ24311B, 86217, 96686) (PATCH ID: OSF440-492, OSF440-1085) ******** This patch fixes a problem in which the system may panic with the panic string "Unaligned kernel space access from kernel mode". An example panic stack trace is: 0 thread_block 1 xpt_ccb_alloc 2 ccmn_get_ccb3 3 ccmn_io_ccb_bld3 4 cdisk_strategy 5 voliostart 6 volstrategy0 7 volstrategy 8 PRvolstrategy 9 spec_strategy 10 call_disk 11 bs_startio 12 bs_bflush 13 bs_bfdmn_flush_bfrs 14 msfs_mntflushbuf 15 mntflushbuf 16 boot 17 panic 18 afault_trap 19 _XentUna 20 simple_lock 21 csq_lateral 22 runq_run 23 netisr_thread PROBLEM: (80302, 80232) (PATCH ID: OSF440-489) ******** This patch fixes a kernel memory fault from ufs_mount(). PROBLEM: (MGO16194A) (PATCH ID: OSF440-567) ******** This patch fixes the simple lock timeout panic seen when working with NFS loopback mounted file systems with large numbers of dirty pages. The stack trace will usualy include ubc_written_cluster(). : 3 panic 4 trap 5 _XentMM 6 ubc_page_alloc 7 nfs3_getapage 8 nfs3_getpage 9 rw3vp_cache 10 rw3vp 11 nfs3_rdwr 12 vn_write 13 rwuio 14 write 15 syscall 16 _Xsyscall PROBLEM: (HPAQ31DCC) (PATCH ID: OSF440-605) ******** This patch fixes an unaligned access panic which occurs in malloc() in V4.0F systems, while allocating memory from the 512 byte kernel memory bucket. It can occur on any type filesystem. The panic will have the following panic string: PANIC: "Unaligned kernel space access from kernel mode". The stack trace will show an unaligned access in malloc(), and typically can look like (but is not limited to) the following. 5 panic src/kernel/bsd/subr_prf.c : 804 6 afault_trap src/kernel/arch/alpha/trap.c : 2537 7 _XentUna src/kernel/arch/alpha/locore.s : 1863 8 malloc src/kernel/bsd/kern_malloc.c : 1298 9 initnewvnode src/kernel/vfs/vfs_subr.c : 1300 10 getnewvnode src/kernel/vfs/vfs_subr.c : 1861 11 get_n_setup_new_vnode src/kernel/msfs/bs/bs_access.c : 3299 12 rbf_access_one_int src/kernel/msfs/bs/bs_access.c : 2776 13 rbf_access_int src/kernel/msfs/bs/bs_access.c : 2559 14 rbf_vfs_access src/kernel/msfs/bs/bs_access.c : 2431 15 bf_get_l src/kernel/msfs/osf/msfs_misc.c : 1314 16 msfs_lookup src/kernel/msfs/osf/msfs_lookup.c : 839 17 namei src/kernel/vfs/vfs_lookup.c : 610 18 stat1 src/kernel/vfs/vfs_syscalls.c : 3077 19 lstat src/kernel/vfs/vfs_syscalls.c : 3057 20 syscall src/kernel/arch/alpha/syscall_trap.c : 627 21 _Xsyscall src/kernel/arch/alpha/locore.s : 1505 or 5 panic src/kernel/bsd/subr_prf.c : 804 6 afault_trap src/kernel/arch/alpha/trap.c : 2537 7 _XentUna src/kernel/arch/alpha/locore.s : 1863 8 malloc src/kernel/bsd/kern_malloc.c : 1298 9 kalloc src/kernel/kern/kalloc.c : 149 10 attr_retrieve src/kernel/sec/spd_proplist.c : 504 11 pacl_fs_get src/kernel/sec/spd_pacl.c : 1219 12 pacl_vnperm src/kernel/sec/sec_acl.c : 630 13 paclaccess src/kernel/sec/sec_acl.c : 906 14 sp_vnaccess src/kernel/sec/sec_acl.c : 579 15 msfs_access src/kernel/msfs/osf/msfs_vnops.c : 1286 16 vn_open src/kernel/vfs/vfs_vnops.c : 614 17 copen src/kernel/vfs/vfs_syscalls.c : 2537 18 open src/kernel/vfs/vfs_syscalls.c : 2464 19 syscall src/kernel/arch/alpha/syscall_trap.c : 627 20 _Xsyscall src/kernel/arch/alpha/locore.s : 1505 PROBLEM: (ALC-2-076) (PATCH ID: OSF440-544) ******** This patch provides support for activating temporary atomic write data logging on all files within the mount point. The data logging is turned off when the fileset is unmounted. PROBLEM: (ALC-2-076) (PATCH ID: OSF440-574) ******** This patch fixes a timing window where flushing data to disk can be incomplete when a system is going down. Note this can only occur if all of these conditions are true: o More than one thread calls the reboot() system call without first going through shutdown, /sbin/reboot, or /sbin/halt (note the operating system itself does not do this, it would have to be an application program which is calling reboot()). o O_SYNC is not in use. o AdvFS data logging is not in use. PROBLEM: (81007, 82961) (PATCH ID: OSF440-530) ******** This patch addresses multiple issues for the KZPCC family of RAID Array 2000 (RA2000) controllers. - Errors seen when concurrent opens are issued to separate logical partitions on the same logical device. - Change to the preferred chunk size from 16 KB to 64 KB which may increase data transfer rates. PROBLEM: (81379, 77978) (PATCH ID: OSF440-500) ******** The system returns the incorrect status from read EEROM. PROBLEM: (68328, 68412) (PATCH ID: OSF440-490) ******** This patch prevents a system panic from occurring while using ADVFS. A typical stack trace may look similar to this: 5 panic(s = "SMP Assertion failed") 6 advfs_sad() 7 vd_htop_already_valid() 8 migrate_normal() 9 mig_migrate() 10 bs_migrate() 11 msfs_syscall_op_migrate() 12 msfs_real_syscall() 13 msfs_syscall() 14 syscall() 15 _Xsyscall() PROBLEM: (85404) (PATCH ID: OSF440-577) ******** This patch fixes a problem with the driver for Gigabit Ethernet adapters (DEGPA-FA and DEGPA-TA) which prevented its use in a NetRAIN (Redundant Array of Independent Network Adapters) set. In order to add an interface to a NetRAIN set, the interface must not be busy. However, even when the Gigabit Ethernet interface ("alt") is not explicitly started by the system administrator or by a startup script, sometimes the interface will be started automatically as a result of activity on the network. If an attempt is then made to add this interface to a NetRAIN set, NetRAIN will report that the device is busy and thus cannot be used. This patch corrects the Gigabit Ethernet driver so that it will not start unless explicity told to do so by either the system administrator or by a startup script. PROBLEM: (BCPMB0MC4, 117-2-306, 84332) (PATCH ID: OSF440-540) ******** This patch fixes a system hang caused by netisr queue corruption due to a race condition that is primarily encountered by third party drivers and layered products that call schednetisr_nospl(). PROBLEM: (EVT18628A, 59132) (PATCH ID: OSF440-585) ******** This patch modifies advfs kernel code and several utilities. AdvFS will no longer panic with the following error: ADVFS EXCEPTION : panic cpu(0) : bad frag free list. The code is modified so that during frag allocation when advfs determines that the frag group header's free list has been corrupted, it stops using it and marks it BAD. It is then removed from the free list so no more allocations can take place AND no deallocations are performed. The verify, shfragbf and vfragpg programs are modified to report BAD frag groups. PROBLEM: (GB_G00942) (PATCH ID: OSF440-569) ******** This patch corrects an AdvFS panic which can occur during a rmfset operation. The panic string: "rbf_delete_int: can't find bf attributes" PROBLEM: (VNO65701A) (PATCH ID: OSF440-546) ******** This patch fixes an issue with lightweight wiring of pages and shared memory regions. This problem can occur when running Oracle and may cause ORA-01034: Oracle not available" errors when attempting to connect to Oracle databases. PROBLEM: (76224) (PATCH ID: OSF440-497) ******** This patch corrects a problem where a directory entry may be attempted to be changed to "." and the code checks for this prevents it from happening. PROBLEM: (75600, 75998, 75495) (PATCH ID: OSF440-503) ******** This patch fixes a lock hierarchy violation in AdvFs. The trace from the crash will typically look like the following: 1 panic() 2 event_timeout(0) 3 xcpu_puts() 4 printf() 5 panic() 6 lock_fault() 7 lock_write( 8 bs_cow_pg() 9 bs_cow( ) 10 bs_pinpg_clone() 11 bs_pinpg_ftx() 12 rbf_pinpg() 13 bs_frag_dealloc() 14 fs_delete_frag() 15 msfs_setattr() 16 vn_open_ftrunc() 17 vn_open() 18 copen() 19 open() 20 syscall() 21 _Xsyscall() PROBLEM: (HPAQ818FH, EVT39049A) (PATCH ID: OSF440-505) ******** This patch increases the efficiency of the tcp_timers. PROBLEM: (HPAQ30LKL) (PATCH ID: OSF440-522) ******** This patch fixes inaccuracy problems when using setrlimit/getrlimit with a threaded application. PROBLEM: (74608, 74224) (PATCH ID: OSF440-487) ******** This patch fixes a problem in which rmvol can hang in a wait state. PROBLEM: (78704) (PATCH ID: OSF440-562) ******** This patch fixes a hang in the ufs filesystem. PROBLEM: (76966) (PATCH ID: OSF440-460) ******** This patch fixes two problems with the consvar command: 1. fixes consvar command problem with setting a boot device to a tape device in order to boot from a tape drive 2. fixes the consvar -g command to show the console settings PROBLEM: (EVT0523123) (PATCH ID: OSF440-560) ******** This patch fixes a memory leak when named pipes (FIFOs) are used. PROBLEM: (ALC-2-076) (PATCH ID: OSF440-570) ******** This patch fixes a potential problem flushing data to disk when using data logging with sparse files in an AdvFS filesystem. PROBLEM: (MGO10736A, EVT0396650, TPOB36405, BCSM10NZK) (PATCH ID: OSF440-558) ******** This patch fixes a problem where threads can hang in x_load_inmem_xtnt_map() when called from x_page_to_blkmap(). A typical hung thread will have the following calls at the top of its stack trace: 0 thread_block 1 lock_read 2 x_load_inmem_xtnt_map 3 x_page_to_blkmap 4 x_page_to_iolist 5 blkmap PROBLEM: (82173, 82174, 82682, 83069, 82134, 84017, 84089, 84403, 84513, 85200) (PATCH ID: OSF440-553) ******** This patch fixes a problem where cascaded switches can hang the system at failover time. PROBLEM: (82489, SSRT0676U) (PATCH ID: OSF440-543) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. SYNOPSIS mountd [-d] [-i] [-n] [-s] [-r] [-R] [exportsfile] FLAGS ... -r Have mountd listen for requests on a reserved port. This is the default behavior. -R mountd may listen on an unreserved port. PROBLEM: (84853) (PATCH ID: OSF440-536) ******** CDFS media burned in 2001 shows the wrong dates. PROBLEM: (BCGM32243) (PATCH ID: OSF440-491) ******** This fixes a "u_anon_free: page busy" panic. An example stack trace: panic("u_anon_free: page busy") u_anon_free() u_anon_unmap() u_map_delete() vm_map_remove() vm_deallocate() procfs_read() vn_read() rwuio() read() syscall() _Xsyscall() PROBLEM: (HGO073056) (PATCH ID: OSF440-557) ******** This patch fixes a problem where threads can hang while renaming files on nfs mounted filesystems. This can occur when two threads are renaming files, one from directory "a" to directory "b" and the other from directory "b" to "a". A typical stack trace for a hung thread looks like: 0 thread_block 1 lock_write 2 nfs3_rename 3 rename 4 syscall PROBLEM: (87559) (PATCH ID: OSF440-617) ******** This patch fixes a "simple_unlock: lock not owned by cpu" panic in the biodone routine. In the V4.x and V5.0A pools, the mount_throttle_lock is a single global lock. This patch prevents the lock from getting re-initialized on subsequent mounts. The problem causes a system panic. The panic string will be: "simple_unlock: lock not owned by cpu" and will occur in the biodone routine. Typical stack trace: (dbx) t > 0 stop_secondary_cpu() 1 panic() 2 event_timeout() 3 xcpu_puts() 4 printf() 5 panic() 6 simple_lock_fault() 7 simple_unlock_owner_violation() 8 biodone() 9 cdisk_complete() 10 xpt_callback_thread() PROBLEM: (70564) (PATCH ID: OSF440-525) ******** This patch provides several fixes including: 1) Signal parent process to enable user notification of mount failure. 2) Return functionality to accept disk-type from user. 3) Exit if overlap detected and not being run interactively. 4) Don't do check_usage for -N option or mfs. 5) Move common variable declarations to header file. 6) Adjust fssize and references to it to handle larger file systems. PROBLEM: (82071) (PATCH ID: OSF440-501) ******** Kernel memory fault while using tablet instead of mouse. panic() trap() _XentMM() pgrp_ref() ttwakeup() ttyflush() tt_sysv_compat() ttioctl() aceioctl() spec_ioctl() vn_ioctl() ioctl_base() syscall() _Xsyscall() PROBLEM: (78711, 78577, 78703, 78751, 79066) (PATCH ID: OSF440-504) ******** This patch fixes a panic in AdvFS which has the following error message: panic: Unaligned kernel space access from kernel mode The stack trace is listed below: 21 afault_trap() 22 _XentUna() 23 seq_search() 24 msfs_lookup() 25 cfs_comm_lookup() 26 cfscall_lookup() 27 cfs_lookup() 29 _F64_stat1() 30 lstat() 31 syscall() 32 _Xsyscall() PROBLEM: (MGO69211A) (PATCH ID: OSF440-549) ******** This patch fixes an AdvFS hang that is caused by a thread waiting for flushCv notification and is holding resources that other threads want. This type of hang has been experienced when shutting the system down. PROBLEM: (EVT0467943) (PATCH ID: OSF440-656) ******** The patch fixes a problem that sometimes caused the system to select the incorrect IP source address for out-going connections when using IP aliases and subnetting on a network interface. PROBLEM: (87205, MGO81177A) (PATCH ID: OSF440-632) ******** This patch fixes a system panic with panic string: "lock_terminate: lock held". This is being caused by the table call which, when accessing an open file table from another task, was not doing the proper locking. An example stack trace is as follows: _panic_string: 0xfffffc00006642a8 = "lock_terminate: lock held" Begin Trace for machine_slot[paniccpu].cpu_panic_thread: > 0 stop_secondary_cpu(do_lwc = 0x0) ... 1 panic(0x3ae55dd2, 0x1f, 0x60000, 0x0, 0x1) ... 2 event_timeout(func = 0xfffffc000028fef0, ... 3 xcpu_puts(0xfffffc000028fef0, 0xfffffc00007672a0, ... 4 printf(0xfffffc0000662d08, 0x3, 0xfffffc00006642a8, ... 5 panic(0x0, 0x1, 0x0, 0x0, 0x0) ... 6 lock_terminate(l = 0xfffffc0291e9e4e0) ... 7 procfs_inactive(vp = 0xfffffc0291e9e400) ... 8 vrele(vp = 0xfffffc0291e9e400) ... 9 vn_close(0xfffffc000026a284, 0xfffffc00de7810c0, ... 10 closef(0x0, 0xfffffffeeffe78f0, 0xfffffc000026971c, ... 11 close(0xfffffc00de7810c0, 0xfffffc02990ecca0, ... 12 syscall(0x11ffff670, 0x1, 0xc38, 0x9603600000003, ... 13 _Xsyscall(0x8, 0x3ff800d5928, 0x140076c30, 0xa, ... End Trace for machine_slot[paniccpu].cpu_panic_thread: PROBLEM: (84959, 87086, 74573, MGO00009A) (PATCH ID: OSF440-651) ******** This patch corrects two problems: 1) The table() system will not abort connections properly if a tcb hash table number is greater than 1. 2) There was a kmf in 'option_scan' due to SMP race between cfgmgr(CFG_OP_CONFIGURE)" and "sysconfigdb(CFG_OP_RECONFIGURE)". The fix was to add a lock around access to cfg_db. An example of the stack trace would be: 5 panic 6 trap 7 _XentMM 8 option_scan 9 pci_driver_configure 10 configure_driver 11 wdd_pwa_configure 12 subsys_conf 13 kmodcall 14 syscall 15 _Xsyscall PROBLEM: (74797, 86129, BCGM21JKW) (PATCH ID: OSF440-630) ******** This patch fixes a bug in NFS that could possibly cause a kernel memory fault. This kernel memory fault could have the follwoing stack trace: 1 panic(s = 0xfffffc00005d5420 = "kernel memory fault" 2 trap() 3 _XentMM 4 ubc_flush_dirty 5 mntflushbuf 6 nfs_sync 7 sync 8 syscall 9 _Xsyscall PROBLEM: (79769) (PATCH ID: OSF440-629) ******** A kernel memory fault can occur on an smp machine when one thread is extending a clone frags file and another thread does a stat system call on a file with a frag. The stack trace is as follows: 5 panic src/kernel/bsd/subr_prf.c : 804 6 trap src/kernel/arch/alpha/trap.c : 1762 7 _XentMM src/kernel/arch/alpha/locore.s : 1748 8 x_page_to_blk src/kernel/msfs/bs/bs_stg.c : 6191 9 x_page_to_blkmap src/kernel/msfs/bs/bs_stg.c : 5928 10 x_page_mapped src/kernel/msfs/bs/bs_stg.c : 6281 11 bs_frag_has_stg src/kernel/msfs/bs/bs_bitfile_sets.c : 2229 12 msfs_getattr src/kernel/msfs/osf/msfs_vnops.c : 1525 13 vn_stat src/kernel/vfs/vfs_vnops.c : 1277 14 stat1 src/kernel/vfs/vfs_syscalls.c : 3056 15 lstat src/kernel/vfs/vfs_syscalls.c : 3034 16 syscall src/kernel/arch/alpha/syscall_trap.c : 627 17 _Xsyscall src/kernel/arch/alpha/locore.s : 1512 PROBLEM: (MGO80078A) (PATCH ID: OSF440-612) ******** In u_anon_dupu(), error handling path at label pg_error should remove the entries that have been made in the physical map PROBLEM: (SSRT0742U) (PATCH ID: OSF440-636) ******** A potential security vulnerability has been discovered in the kernel, where under certain circumstances a race condition can occur that could allow a non-root user to modify any file and possibly gain root access. PROBLEM: (HPAQ10CJS, BCSM11BF0) (PATCH ID: OSF440-590) ******** This patch corrects an AdvFS problem where an on-disk variable wraps when more than 64k metadata entries are required to map the disk blocks of a file or metadata file. The side effects of this problem were data inconsistencies and an incorrect available size for the domain. PROBLEM: (84361, 89376, 89912, BCPM90KZ9, MGO37358A) (PATCH ID: OSF440-665) ******** This patch fixes the following system panics: 1.) 'Kernel Memory Fault' in function sth_close_fifo() when closing a vnode that belongs to a FIFO. An example stack trace is as follows: With "fdetach" 11 boot src/kernel/arch/alpha/machdep.c : 199 0 12 panic src/kernel/bsd/subr_prf.c : 842 13 trap src/kernel/arch/alpha/trap.c : 1763 14 _XentMM src/kernel/arch/alpha/locore.s : 1741 15 sth_close_fifo src/kernel/streams/str_filesys.c : 55 5 16 ffm_unmount src/kernel/ffm/ffm_vfsops.c : 620 17 dounmount src/kernel/vfs/vfs_syscalls.c : 1454 18 unmount src/kernel/vfs/vfs_syscalls.c : 1357 19 syscall src/kernel/arch/alpha/syscall_trap.c : 627 20 _Xsyscall src/kernel/arch/alpha/locore.s : 1505 With "Advanced Server for Digital Unix (ASDU)": 0 boot src/kernel/arch/alpha/machdep.c : 2031 1 panic src/kernel/bsd/subr_prf.c : 842 2 trap src/kernel/arch/alpha/trap.c : 1763 3 _XentMM src/kernel/arch/alpha/locore.s : 1741 4 sth_close_fifo src/kernel/streams/str_filesys.c : 555 5 vn_close src/kernel/vfs/vfs_vnops.c : 1534 6 closef src/kernel/bsd/kern_descrip.c : 1989 7 close src/kernel/bsd/kern_descrip.c : 1649 8 syscall src/kernel/arch/alpha/syscall_trap.c : 627 9 _Xsyscall src/kernel/arch/alpha/locore.s : 1505 2.) "simple_lock: time limit exceeded" in "spec_reclaim". An example stack trace is as follows: panic simple_lock_fault simple_lock_time_violation spec_reclaim ["spec_vnops.c":1528] vclean(vp = 0xfffffc01b86d4600, ...) ["vfs_subr.c" : 2782] vgone ["vfs_subr.c" : 2885] getnewvnode ["vfs_subr.c" : 1924] vdealloc ["vfs_subr.c" : 1380] vrele ["vfs_subr.c" : 2426] namei unp_connect uipc_usrreq sosend sendit sendto syscall _Xsyscall PROBLEM: (LU_G01229) (PATCH ID: OSF440-655) ******** This fixes a problem with vm_faults against anon objects mapped by multiple map entires. PROBLEM: (HPAQ11G64, HPAQ41Q65, 86633) (PATCH ID: OSF440-633) ******** This patch corrects the problem of a simple lock timeout due to posix timers and it also corrects some inaccuracies of the posix realtime timers. PROBLEM: (BCGM41R20, BCGM70QF0) (PATCH ID: OSF440-646) ******** This patch fixes a problem where a system with a dual-mounted AdvFS filesystem can panic with the panic string, "bs_unpinpg: unpin sync with writeRef >1". The stack trace will typically look like the following. panic advfs_sad bs_unpin_pg set_vd_mounted bs_bfdmn_activate bs_bfdmn_tbl_activate bs_bfset_activate_int bs_bfset_activate advfs_mountfs msfs_mount mount1 mount syscall _Xsyscall PROBLEM: (CLD/QAR/SPR, ---------------------, 85811, 85406, 85726, 86107, 86375, 86657, 86828, 87776, 80684, 88062, 87339, 88063, 88243, 86895, 87339, 80116) (PATCH ID: OSF440-635) ******** The patch updates the emx driver to V2.01 and fixes the following problems: . a problem of unexpected tape i/o aborts . panic of can't grow probe list . several kernel memory faults within the driver . redundant adapter failures no longer panic the system . a problem of panicing with low memory resources . stalling i/o during reprobing when a cluster member goes down. PROBLEM: (BCGM21TMQ) (PATCH ID: OSF440-600) ******** This correction avoids an AdvFS command problem. In rare cases, migrate programs (rmvol, balance, migrate, defragment) would fail to migrate a file due to E_PAGE_NOT_MAPPED: nail/-> rmvol -v /dev/rza13c eng-mdvt1 rmvol: Removing volume '/dev/rza13c' from domain 'eng-mdvt1' rmvol: Moving file file name: (setTag: 1.32769 (0x1.0x8001), tag: 1.32769 (0x1.0x8001)) moving pages - page offset: 8672, page count: 1424 rmvol: Can't move file (setTag: 1.32769 (0x1.0x8001), tag: 1.32769 (0x1.0x8001)) pages rmvol: Error = E_PAGE_NOT_MAPPED (-1035) rmvol: Can't move file (setTag: 1.32769 (0x1.0x8001), tag: 1.32769 (0x1.0x8001)) metadata rmvol: Can't remove volume '/dev/rza13c' from domain 'eng-mdvt1' PROBLEM: (89088, TKT205463) (PATCH ID: OSF440-649) ******** This patch fixes a system panic with "malloc_check_checksum: memory pool corrution" A vnode is being referenced after it has been freed and return to kmem. The pmsgbuf has the bucket infomation: memory pool corruption memory address: 0xfffffc00807fafc0 memory size: 0x240 ra of last caller freeing memory: 0xfffffc00004a477c panic (cpu 0): malloc_check_checksum: memory pool corruption The memory address shows that the last locker was wait_for_vxlock: (dbx) 0xfffffc00807fafc0/10X 0xfffffc00807fafc0: 0xfffffc00004a35ae 0xdeadbeefdeadbeef 0xfffffc00807fafd0: 0xdeadbeefdeadbeef 0xdeadbeefdeadbeef 0xfffffc00807fafe0: 0xdeadbeefdeadbeef 0xdeadbeefdeadbeef 0xfffffc00807faff0: 0xdeadbeefdeadbeef 0xdeadbeefdeadbeef 0xfffffc00807fb000: 0xdeadbeefdeadbeef 0xdeadbeefdeadbeef crash> 0xfffffc00004a35ae/i (dbx) 0xfffffc00004a35ae/i [wait_for_vxlock:1000, 0xfffffc00004a35ac] bsr ra, simple_unlock(line 1497) PROBLEM: (TKTB10144, 45781, 86466) (PATCH ID: OSF440-593) ******** This patch corrects a problem where an fcntl() with the FIFO parameter would return errno=22 (Invalid Argument). PROBLEM: (ZPO101304) (PATCH ID: OSF440-645) ******** This patch corrects a problem which could result in a system panic on close() if the BPF default packet filter is in use. PROBLEM: (BCPM205PB) (PATCH ID: OSF440-652) ******** This fixes a kernel memory fault panic in msg_rpc_trap(). An example stack trace would be: panic() trap() _XentMM() msg_rpc_trap() _Xsyscall() PROBLEM: (87422) (PATCH ID: OSF440-626) ******** This patch fixes a time loss problem seen on DS systems only when using console callbacks. The patch resynchronizes the clock when a time loss is detected. PROBLEM: (88013) (PATCH ID: OSF440-653) ******** This patch fixes a rare panic in the driver for the DE600/DE602 10/100 Ethernet adapter. The panic is the result of a kernel memory fault that occurs when an ioctl is sent to the driver (for instance using "ifconfig"), or when a machine is shutting down to reboot. Typically it will only occur when there is high traffic on the network. The stack trace may show ee_rint as the routine in which the kernel memory fault occurred: 1 panic() 2 trap() 3 _XentMM() 4 ee_rint() 5 ee_rx_intr_work_thread() The stack trace may alternatively show ee_add_rfd_buf as the routine in which the kernel memory fault occurred: 1 panic() 2 trap() 3 _XentMM() 4 ee_add_rfd_buf() PROBLEM: (BCGM7243T, TKT194594) (PATCH ID: OSF440-611) ******** This patch fixes a problem where network interfaces can appear unresponsive to network traffic. PROBLEM: (86737, SQO73719A) (PATCH ID: OSF440-597) ******** This patch fixes a kernel memory fault. The crash is listed below: > 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 614 1 panic src/kernel/bsd/subr_prf.c : 751 2 event_timeout src/kernel/arch/alpha/cpu.c : 1183 3 xcpu_puts src/kernel/bsd/subr_prf.c : 895 4 printf src/kernel/bsd/subr_prf.c : 423 5 panic src/kernel/bsd/subr_prf.c : 804 6 trap src/kernel/arch/alpha/trap.c : 1760 7 _XentMM src/kernel/arch/alpha/locore.s : 1741 8 signal_parent src/kernel/bsd/kern_sig.c : 6622 9 issig src/kernel/bsd/kern_sig.c : 4957 10 mpsleep src/kernel/bsd/kern_synch.c : 553 11 pse_read src/kernel/streams/str_scalls.c : 1538 12 spec_read src/kernel/vfs/spec_vnops.c : 2216 13 msfsspec_read src/kernel/msfs/osf/msfs_vnops.c : 4598 14 vn_read src/kernel/vfs/vfs_vnops.c : 1107 15 rwuio src/kernel/bsd/sys_generic.c : 1950 16 read src/kernel/bsd/sys_generic.c : 1900 17 syscall src/kernel/arch/alpha/syscall_trap.c : 627 18 _Xsyscall src/kernel/arch/alpha/locore.s : 1505 PROBLEM: (GOZ48787C) (PATCH ID: OSF440-648) ******** This patch corrects a problem with ICMP redirect processing which resulted in incorrect ICMP redirect messages. PROBLEM: (HPAQ507XC) (PATCH ID: OSF440-657) ******** This fixes a panic of "malloc_leak: free with wrong type" when using kmem-debug-protect. An example stack trace: panic() malloc_leak() malloc_debug() free() PROBLEM: (BCSMB0VRS) (PATCH ID: OSF440-634) ******** This patch fixes a problem in kernel threads where multi-threaded applications were allowed to start running prior to virtual memory mapping swapin. This was prevented by adding a flag to mark when the map is swapped out and prevents thread swapins until the flag is cleared PROBLEM: (89165) (PATCH ID: OSF440-644) ******** This patch fixes kernel panics which can occur in the context of threaded applications. The panic string is "trap: invalid memory write access from kernel mode" and the faulting virtual address is always 0x0000000000000048. PROBLEM: (BCGM10S95, QAR82871) (PATCH ID: OSF440-573) ******** This patch fixes a problem that dual mounting causes panic. The panic string would be; "rbs_access_one_int: domain different from ftx domain." PROBLEM: (88653, HPAQ507XC) (PATCH ID: OSF440-628) ******** This patch corrects a problem in the virtual file system that could cause panic with the panic string "kernel memory fault." PROBLEM: (87175, BCPM41T19, 87301) (PATCH ID: OSF440-621) ******** A system detected a power issue and attempted to shutdown. It ran the powerdown_thread, which is not bound to a specific cpu. Eventually resettodr, which requires execution on the master cpu, was called. The powerdown thread started on cpu 2 and did not move from there. Thus, the system panic'd when the code in resettodr checked the cpu number. The stack trace is below: > 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 614 1 panic src/kernel/bsd/subr_prf.c : 751 2 event_timeout src/kernel/arch/alpha/cpu.c : 1183 3 xcpu_puts src/kernel/bsd/subr_prf.c : 895 4 printf src/kernel/bsd/subr_prf.c : 423 5 panic src/kernel/bsd/subr_prf.c : 804 6 resettodr src/kernel/arch/alpha/clock.c : 379 7 boot src/kernel/arch/alpha/machdep.c : 1991 8 powerdown_thread src/kernel/arch/alpha/machdep.c : 4274 PROBLEM: (BE_G01188) (PATCH ID: OSF440-603) ******** This patch corrects a problem with excessive receive overrun error messages from the fta driver. PROBLEM: (DBDQ80HPS, 89463) (PATCH ID: OSF440-660) ******** This patch fixes a bug that causes corruption of binary.errlog. PROBLEM: (SSRT0740U) (PATCH ID: OSF440-666) ******** A potential security vulnerability has been discovered in the networking, where under certain circumstances a remote system can take over packets destined for another host. PROBLEM: (GB_G01298) (PATCH ID: OSF440-596) ******** This patch corrects a kernel memory fault panic in clntktcp_connect(). PROBLEM: (BE_G01325) (PATCH ID: OSF440-602) ******** This patch prevents the error message "local HSM Error: msgsvc: socket close failed" from being generated when an application closes the socket with return state 0. PROBLEM: (87391, 89027, 84361, 89376, 89775) (PATCH ID: OSF440-703) ******** This patch fixes the following problems: - KMF while unmounting cfs file system - panic with "simple lock: minumum_spl violation" - panic with "simple lock: time limit exceeded" in "spec_reclaim" - specalias structures not being freed - mount command with the extend -u option caused panic PROBLEM: (91244) (PATCH ID: OSF440-729) ******** This patch fixes a problem where heavy use of a filesystem can result in "vnode table full" or "cannot create pipe" error messages. PROBLEM: (CLD BCGM40DM9, CLD KAOQ23606, QAR 70043) (Patch ID: OSF440-090) ******** This patch fixes a problem with crontab in which, when root runs 'crontab -e user', the user's crontab file is edited and saved, but isn't re-read by the cron daemon. Instead root's crontab file is re-read. PROBLEM: (BCSM8083T / QAR 74139) (Patch ID: OSF440-188) ******** This patch fixes a problem when attempting to restore to system configured with backplane raid, btextract fails. PROBLEM: (DK_G02854, DK_G02868, DK_G02590, DK_G02988) (PATCH ID: OSF440-734) ******** This patch fixes a problem where a system crash occurs at the end (or immediately after) a rmvol on an AdvFS domain. A panic string like the following will be seen: panic (cpu 0): lsn_io_list: current lsn > hiflushlsn N1 = -1550805214, N2 = 1026 N1 can be any high negative number, and N2 will be 1026. This panic will likely cause the domain in question to become corrupt and unmountable. If the domain becomes unmountable, the customer should restore data from backup. This panic will only occur on systems that have installed the BL17 patch. It is also possible that a customer may see a hang in bs_bf_flush_nowait instead of this panic. PROBLEM: (86918) (PATCH ID: OSF440-931) ******** The problem is that addvol allows a HSG/HSZ disk partition to be added to an 'on-line' (or off-line), existing domain, when the disk partition can not access all the blocks that the disklabel indicates, and consequently, all the blocks added to the domain. This due to the disklabel no longer being valid. PROBLEM: (82393, MGO90408A) (PATCH ID: OSF440-1015) ******** This patch fixes a problem caused when the Tru64 TCP layer prematurely closes a slow, but good connection with TCP reset. An example is when a Networker backup stalls while the server has to reload a tape. PROBLEM: (90982, 92619, 92647) (PATCH ID: OSF440-792) ******** This patch fixes three problems with the "ee" driver for DE60x Ethernet cards. These problems affect all Tru64 systems containing DE60x network interfaces. Transmit timeout race --------------------- Occasionally a transmit timeout in the "ee" driver will cause the machine to panic due to a race condition between the transmit timeout code and the receive code. The message log will contain a transmit timeout, shortly followed by the panic: ee2: Transmit timeout (scbsts = f0006050, mask = f0000c00) trap: invalid memory read access from kernel mode faulting virtual address: 0x0000000000000010 pc of faulting instruction: 0xffffffff006d0b80 ... The stack trace will be similar to the following: > 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 1358 1 panic src/kernel/bsd/subr_prf.c : 1299 2 event_timeout src/kernel/arch/alpha/cpu.c : 2268 3 printf src/kernel/bsd/subr_prf.c : 984 4 panic src/kernel/bsd/subr_prf.c : 1356 5 trap src/kernel/arch/alpha/trap.c : 2278 6 _XentMM src/kernel/arch/alpha/locore.s : 2213 7 ee_add_rfd_buf_locked src/kernel/io/dec/netif/if_ee.c : 2632 8 ee_add_rfd_buf src/kernel/io/dec/netif/if_ee.c : 2522 9 ee_rint src/kernel/io/dec/netif/if_ee.c : 5718 10 ee_rx_intr_work_thread src/kernel/io/dec/netif/if_ee.c : 5439 Memory allocation error checking -------------------------------- There is no recorded instance of this occurring, but error checking was added to buffer allocation in the receive path to prevent a panic if MALLOC is unable to obtain memory. DMA resource allocation ----------------------- It is possible for the platform subsystem to return fewer DMA resources than requested if resources are running low. Previously this would potentially cause a panic since the adapter might DMA into a memory location not owned by the driver. This patch recognizes and prevents that situation in the driver. PROBLEM: (91547) (PATCH ID: OSF440-972) ******** When two concurrent process tries to move a file, only one process will be able to "unlink" the original file. In case, if both the process completes simultaneously, only one of the process can unlink the file after moving it to the specified destination. Since, the errno is not checked while unlinking the file, both the process return from "mv" command without any error. This fix takes care of this situation. PROBLEM: (86740, 91581) (PATCH ID: OSF440-897) ******** PROBLEM: When creating sub-directories, the system may hang if the system imposed link limit is reached for a particular parent directory. PROBLEM: When using synchronous IO, a false indication of success will be returned when writing to a file and exceeding the file size limits imposed by the operating system. PROBLEM: (92212, DEK064589) (PATCH ID: OSF440-803) ******** System panics in audit_rec_build when auditing execve with the exec_argp or exec_envp audit style enabled. PROBLEM: (91908) (PATCH ID: OSF440-778) ******** A performance regression with 2-level threads scheduling was seen. PROBLEM: (87008) (PATCH ID: OSF440-682) ******** This problem is seen when debugging kernel crash dumps. The corruption is always page-aligned and usually in the sparse VM "managed" space. "kmem -v" under the "crash" analysis tool may identify this type of corruption, however this problem is not limited to kmem allocations. The corruption can take any form -- application data, kernel data, database -- depending on which wrong page happens to be selected. PROBLEM: (71448) (PATCH ID: OSF440-887) ******** This fix will trap on an inconsistent directory entry to prevent an infinite loop that might eventually cause a system hang. PROBLEM: (88548) (PATCH ID: OSF440-873) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. HP has corrected this potential vulnerability. PROBLEM: (TKT361836, TKT376858) (PATCH ID: OSF440-913) ******** This patch corrects the problem where a user may experience a core dump, when using csh from the Japanese locale. PROBLEM: (117-1-17467:BCSM60KGT, 74405) (PATCH ID: OSF440-671) ******** Applications that use the fwrite() library call may fail when the total number of bytes to be written is larger than 2 GB. Also, when the total number of bytes to be written is a multiple of 4 GB, fwrite() may indicate success, when in reality, no data has actually been written. This patch addresses these problems. PROBLEM: (EVT0496318B, 87204) (PATCH ID: OSF440-670) ******** This patch is to correct the problem where the DLI queue stalls when there is no traffic in the TCP/IP or HDLC stacks. In order to enable this fix, one needs to set the netisrwakeupthreshold = 0 as this will allow more than one netisr to be run by a user process. PROBLEM: (BCPM61VLJ, 88819) (PATCH ID: OSF440-678) ******** This patch corrects a problem where the SNMP interface counter ifInUcastPkts occassionally decrements or jumps to an arbitrary, large value. PROBLEM: (93908) (PATCH ID: OSF440-817) ******** This patch corrects a failure in the safe_open() routine which caused symbolic links given by a relative path from the current working directory sometimes to give ENOENT errors incorrectly. This was specific to having no 'real' (non-".") leading components before the first symlink was found. PROBLEM: (95682, 95733, SSRT2439, SSRT2341) (PATCH ID: OSF440-1016) ******** In certain conditions a too-small buffer could be allocated. Similarly, under certain circumstances, pointers to a buffer within the RPC subsystem could be set beyond the buffer's bounds. This patch fixes these problems. PROBLEM: (91301, SSRT0771U) (PATCH ID: OSF440-732) ******** When the LANG and LOCPATH environment variables are set to a very long string, the application may crash with segmentation fault. This patch fixes the problem. PROBLEM: (93526) (PATCH ID: OSF440-962) ******** This patch fixes problem while expanding positional parameters in bourne shell. The expansion "$@" should generate zero fields when there are no positional parameters specified for the shell function. PROBLEM: (90990) (PATCH ID: OSF440-756) ******** System will panic and/or data corruption may occur by changing fifo parameter pipe-databuf-size while fifo operations are in flight. Panic information: (dbx) t > 0 boot(reason = (unallocated - symbol optimized away), howto = (unallocated - symbol optimized away)) ["../../../../src/kernel/arch/alpha/machdep.c":2644, 0xfffffc000067b854] 1 panic(s = (unallocated - symbol optimized away)) ["../../../../src/kernel/ bsd/subr_prf.c":1401, 0xfffffc000029f4a0] 2 trap(a0 = (...), a1 = (...), a2 = (...), code = (unallocated - symbol optimized away), exc_frame = (unallocated - symbol optimized away)) ["../../../../src/kernel/arch/alpha/trap.c":2266, 0xfffffc00006696e0] 3 _XentMM(0x1, 0xfffffc00005d0fc0, 0xfffffc00008409a0, 0xfffffc0059d72400, 0x0) ["../../../../src/kernel/arch/alpha/locore.s":2143, 0xfffffc0000663154] 4 fifo_write(vp = (unallocated - symbol optimized away), uiop = (unallocated - symbol optimized away), ioflag = (unallocated - symbol optimized away), cred = (unallocated - symbol optimized away)) ["../../../../src/kernel/vfs/ fifo_vnops.c":1161, 0xfffffc00005d0fc0] 5 nfsfifo_write(0xfffffc00005f7044, 0xfffffc00927b00c0, 0xfffffe04a223f878, 0xfffffc0030481d40, 0xfffffe04a223f878) ["../../../../src/kernel/nfs/ nfs_vnodeops.c":3939, 0xfffffc0000533e38] 6 vn_write(0xfffffc00002b3230, 0xfffffe04a223f878, 0xfffffc004dd7f200, 0x0, 0x4000) ["../../../../src/kernel/vfs/vfs_vnops.c":1427, 0xfffffc00005f7040] 7 rwuio(0xfffffe04a2238000, 0xfffffc000cbc9880, 0xfffffc00927b00c0, 0xfffffe04a223f8f0, 0x1) ["../../../../src/kernel/bsd/sys_generic.c":2257, 0xfffffc00002b3284] 8 write(0xb4000, 0xfffffc0000000001, 0x4000, 0x100000000, 0xffffffff00000002) ["../../../../src/kernel/bsd/sys_generic.c":2179, 0xfffffc00002b3118] 9 syscall(0x4000, 0x0, 0x0, 0x1200012fc, 0x0) ["../../../../src/kernel/arch/ alpha/syscall_trap.c":725, 0xfffffc000065f700] 10 _Xsyscall(0x8, 0x3ff800d1d18, 0x1400080b0, 0x3, 0x11fff8000) ["../../../.. /src/kernel/arch/alpha/locore.s":1814, 0xfffffc0000662edc] PROBLEM: (95121) (PATCH ID: OSF440-968) ******** This patch fixes a ksh problem related to cleaning the process associated with control terminal when a login session is abruptly stopped. This problem occurs when trap(1) defined either in a startup script or a script executed within the current shell process. PROBLEM: (93321, 87630, 93320, 86058) (PATCH ID: OSF440-1007) ******** This patch fixes following problems in sh. o Service denial problem when a quoted here doc script is executed. o Problem with handling ELF files. o The shell variable $- not holding -C set option when it is turned on. o Printing broken characters when type builtin utility of sh is invoked in Japanese locale. PROBLEM: (91773) (PATCH ID: OSF440-763) ******** Fix for internal kernel panic "get_xm_page_range_info:kernel memory fault" | This kernel panic occurs infrequently when one thread is | adding storage to a file and another thread is actively | migrating the same file. If the file appending the storage | encounters an error of no more blocks (file system full) | any partial storage added is removed and the in memory | extent map is set to null. When the migrate thread | encounters this extent map null condition, it expects the | extent map to not be null and panics. | PROBLEM: (SSRT2270) (PATCH ID: OSF440-844) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the BIND utility. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (95440) (PATCH ID: OSF440-1011) ******** PROBLEM: audit_tool when printing out execve audit events in brief mode (-B) may append nonsense characters to the output, example: # audit_tool `auditd -dq` -e execve -B AUID:RUID:EUID PID RES/(ERR) EVENT -------------- --- --------- ----- 0:0:0 697 0x0 execve ( /usr/sbin/auditmask M-4M-^?^C ) 0:0:0 697 0x0 execve ( /sbin/ls M-mM-^A ) 0:0:0 697 0x0 execve ( /usr/sbin/auditd ) 0:0:0 697 0x0 execve ( /usr/sbin/audit_tool M-1M-4M-|^C ) 0:0:0 697 0x0 execve ( ./audit_tool ) 0:0:0 697 0x0 execve ( /usr/sbin/auditmask M-4M-^?^C ) PROBLEM: (92670) (PATCH ID: OSF440-801) ******** This patch prevents a panic in fifo_write with the panic message "NULL fifo_bufhdr append pointer". PROBLEM: (55230, 55285, MGO92234A, MGO17951A, TPO085779) (PATCH ID: OSF440-896) ******** This patch will fix sync related processing of vnodes in Advfs, NFS. PROBLEM: (94136, 95831, SSRT2275) (PATCH ID: OSF440-985) ******** This patch provides protection against a class of potential security vulnerabilities called buffer overflows. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. This patch allows a system administrator to enable memory management protections that limit potential buffer overflow vulnerabilities. PROBLEM: (92276, 90218, 94063, 94493) (PATCH ID: OSF440-827) ******** This patch fixes three problems with the "alt" driver for DEGPA Gigabit Ethernet adapters. These problems affect all Tru64 systems containing DEGPA network interfaces. (1) A workaround for a DEGPA hardware bug that can, in rare conditions, cause the machine to panic. When this panic is encountered, the following details will be present in the crash dump: (a) alt_recv_complete will be in the stack trace. (b) The _XentMM trap() will be for memory location 0x50. (2) A fix for a receiver hang that can occur in extremely low memory conditions. When this bug is encountered, the interface will be able to transmit but not receive, so it will not be reachable by any other node on the network. This bug can be verified by checking for a zero value std_rx_buf field in the softc, which means that the adapter has zero mbufs available for receiving: crash> pd alt_softc[0]->std_rx_buf 0 (3) A fix for a DEGPA hardware bug that causes transmission errors on 4G boundaries in physical memory. This can result in NFS hangs and other errors in machines with >4G physical memory. PROBLEM: (63702, PROBLEM) (PATCH ID: OSF440-990) ******** The crontab entry of kind " * * 31 * * " was scheduled on wrong days for the months having only 30 days. Now this problem is fixed. PROBLEM: (92822) (PATCH ID: OSF440-781) ******** This patch fixes a problem in libmld's access_lines() function that may cause failures in third and other Atom-based tools. This failure will be reported by third as shown below: % third -g -pthread primes third: info: instrumenting primes ... atom: Error: Command '/tmp/atomAAAaaSv8a/primes.tool' terminated \ with receipt of SIGSEGV signal. atom: Error: A fatal error has occurred. This could be caused by a lack of space in /tmp, or an instrumentation code error. Check /tmp, or run atom with the -debug switch. third: error: exiting due to error instrumenting primes All third errors are reported this way. To see if this particular third error is caused by the access_lines() bug, invoke atom directly and include the -debug switch on the command line. % atom -tool third -g -pthread -debug primes -env threads dbx version 3.11.10 Type 'help' for help. [2] stop in InstrumentAll [2] stopped at >*[InstrumentAll, 0x12004d120] lda sp, -80(sp) (/bin/dbx) cont signal Segmentation fault at >*[access_lines, 0x1200f5a14] ldq_u a2, 0(s0) PROBLEM: (TKT244440) (PATCH ID: OSF440-668) ******** While in an Asian locale (such as Japanese) and executing a ksh command that deals with directories with Asian language names, a segmentation fault and core dump may occur. This patch fixes this problem. PROBLEM: (70-25-47) (PATCH ID: OSF440-870) ******** This patch fixes a problem that may be encountered by threaded applications using pthread_kill(). Under some circumstances, when one application thread attempts to signal a second thread using pthread_kill(), the pthreads library will return success, but the signal will never be sent to the target thread. This unfortunate condition may occur when the target thread is blocked in the kernel at the time the signal is sent. PROBLEM: (95630) (PATCH ID: OSF440-1018) ******** This patch fixes sh problem while executing a here document through command substitution. PROBLEM: (DE_G03995) (PATCH ID: OSF440-811) ******** This fixes a problem in the VM subsystem that could cause a crash with the panic string "vm_page_ssm_unwire". An example stack trace: 4 panic 5 vm_page_ssm_unwire 6 u_ssm_unwire 7 u_ssm_fault 8 vl_unwire 9 u_map_wire 10 lw_unwire_new 11 vm_map_pageable PROBLEM: (94880) (PATCH ID: OSF440-924) ******** This fix corrects an lpc regression in the lpc buffer overflow fix. PROBLEM: (84529, 87164) (PATCH ID: OSF440-693) ******** This patch fixes a bug that could cause a panic with the panic string "ubc_object_free: page still resident". PROBLEM: (94189, 94095, SSRT, SSRT) (PATCH ID: OSF440-847) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be comprimised when a buffer overflow occurs in the ypmatch and traceroute utilities. Buffer overflows are sometimes exploited in an attempt to subvert the funcuion of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (SSRT2260) (PATCH ID: OSF440-849) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the lpq, lpr and lprm commnads. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commnads and the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (THALES-594, STL160583) (PATCH ID: OSF440-769) ******** This patch corrects a problem which had resulted in broadcast or multicast packets being processed multiple times on behalf of a NetRAIN device, once for each backup interface. PROBLEM: (93161) (PATCH ID: OSF440-837) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. HP has corrected this potential vulnerability. PROBLEM: (SSRT0759U) (PATCH ID: OSF440-700) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of file corruption due to the manner in which setuid/setgid programs core dump. Compaq has corrected this potential vulnerability. PROBLEM: (94417) (PATCH ID: OSF440-911) ******** The audit_tool search algorithms did not differentiate between prived, non_prived, unset audit uids. PROBLEM: (TKT232044) (PATCH ID: OSF440-720) ******** NetRAIN virtual interface counters are not maintained properly, which affected reporting via netstat and snmp, and affects the proper operation of NetRAIN. PROBLEM: (93714, 92650, 92212, 83371, 94138, 95676) (PATCH ID: OSF440-934) ******** PROBLEM: Not all audit data in the log is displayed after being sorted. PROBLEM: System panic in audit_rec_build. PROBLEM: Setting select/deselect flag on a directory does not affect if an audit event is generated (with obj select/obj deselect) when an audited file operation is performed. PROBLEM: (SSRT2322) (PATCH ID: OSF440-941) ******** A potential security vulnerability has been identified in the HP Tru64 UNIX operating system which may result in a Denial of Service (DoS). This may be in the form of local and remote security domain risks. The following potential vulnerability has been corrected: o SSRT2322 - BIND resolver (Severity - High) PROBLEM: (90140, 88033, 87259) (PATCH ID: OSF440-725) ******** This patch fixes a problem where opens would fail when running under heavy IO load with the KZPCC PROBLEM: (117-1-19737) (PATCH ID: OSF440-779) ******** This fix corrects a problem in which sh was using a high amount of CPU time. PROBLEM: (IT_G01812, SSRT0756U) (PATCH ID: OSF440-709) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (95072) (PATCH ID: OSF440-1012) ******** Fix for QAR 95072 - Floating Point Exception handling implemented. PROBLEM: (88585) (PATCH ID: OSF440-893) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (92687) (PATCH ID: OSF440-946) ******** This patch fixes a Tru64 nfs server panic caused by receiving illegal file access mode from the Tru64 nfs client. PROBLEM: (86308, BCSM3169H) (PATCH ID: OSF440-718) ******** This patch fixes a potential problem where system responsiveness may be impacted. In certain situations, this impact may prevent other processes from running for several seconds. This problem can occur during a filesystem synch when there are many filesystems where each contains several hundred thousand files. Note that AdvFS filesystems do not exhibit this problem. PROBLEM: (86535, DE_G03524) (PATCH ID: OSF440-762) ******** This patch corrects a problem where gated will no longer complain each time it attempts to send an OSPF HELLO packet and possibly fill up log files. PROBLEM: (94297) (PATCH ID: OSF440-838) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. A malicious user can attempt to subvert a program file that has the setuid or setgid privilege and possibly execute commands at an elevated privilege level. HP has corrected this potential vulnerability. PROBLEM: (117-1-21461/QAR) (PATCH ID: OSF440-940) ******** Prior to this fix, lpd treated entries in /etc/hosts.lpd in a case sensitive manner (meaning that "node.domain" was treated differently than "Node.Domain"). This fix causes lpd to treat entries in /etc/hosts.lpd in a case insensitive manner (meaning that now entries of the form "node.domain" are viewed as identical to mixed case entries of the form "Node.Domain"). PROBLEM: (91927, 95450) (PATCH ID: OSF440-964) ******** PROBLEM: on EV6 systems, removing execute permission from memory may not take effect immediately. No typical stack trace, no potential for panic. PROBLEM: If a set of kernel virtual addresses at the high end of virtual memory are unmapped, the system may panic with "delete_pv_entry: mapping not in pv_list". The failure can be identified with the following stack trace: 1 panic src/kernel/bsd/subr_prf.c : 1325 2 event_timeout src/kernel/arch/alpha/cpu.c : 2341 3 printf src/kernel/bsd/subr_prf.c : 1008 4 panic src/kernel/bsd/subr_prf.c : 1382 5 delete_pv_entry src/kernel/arch/alpha/pmap.c : 2496 6 pmap_remove_range src/kernel/arch/alpha/pmap.c : 3389 7 pmap_remove src/kernel/arch/alpha/pmap.c : 3588 8 anon_remap src/kernel/vm/vm_anon.c : 1412 9 anon_grow src/kernel/vm/vm_anon.c : 1126 10 u_anon_grow src/kernel/vm/u_mape_anon.c : 5414 11 u_map_entry_grow src/kernel/vm/vm_umap.c : 1424 12 u_map_enter src/kernel/vm/vm_umap.c : 1490 13 u_anon_create src/kernel/vm/u_mape_anon.c : 1558 14 smmap src/kernel/bsd/kern_mman.c : 1309 15 syscall src/kernel/arch/alpha/syscall_trap.c : 725 PROBLEM: (SSRT0781U) (PATCH ID: OSF440-730) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of network programs core dumping. Compaq has corrected this potential vulnerability. PROBLEM: (DSATL24MS) (PATCH ID: OSF440-879) ******** This patch resolves "lock_clear_recursive: recursion not enabled" panics. A typical stack trace would be: lock_fault lock_clear_recursive in_fastpcbconnect tcp_input ipintr netisr_thread PROBLEM: (63460, 67037) (PATCH ID: OSF440-1003) ******** The cron daemon was not logging the commands it runs on the request of users, even when the loglevel is set to 4 in /var/adm/cron/queuedefs. This is because there was no support for this feature in cron. Now we have this support. PROBLEM: (89093) (PATCH ID: OSF440-902) ******** Offlining a CPU with bound process(es) can lead to a "malloc_check_checksum: memory pool corruption" panic. 0 stop_secondary_cpu 1 panic 2 malloc_check_checksum 3 malloc_internal 4 _ms_malloc 5 _ftx_start_i 6 bmt_free_bf_mcells_i 7 bmt_free_bf_mcells 8 del_dealloc_stg 9 stg_remove_stg_finish 10 bs_close_one 11 msfs_inactive 12 vrele 13 vn_close 14 closef 15 close 16 syscall 17 _Xsyscall PROBLEM: (57336, 90066, BCGM51RKR) (PATCH ID: OSF440-695) ******** This patch fixes two issues: - If multiple processes attempted to access the same file at the same time and access to the file should have been allowed by an ACL on the file, access may have been denied instead. Now access will be allowed as expected. - If the ACL on a file was corrupted the corrupted data was being passed into the kernel causing a variety of problems, including panics in kernel malloc/free after it was called by the ACL code. Now more of the ACL data is being validated. The system will respond to the corrupted data with an "Invalid Argument" error. One example panic: trap: invalid memory write access from kernel mode 3 _XentMM 4 free_common 5 free 6 kfree 7 sp_delete_ir 8 acl_ir_cache_delete 9 LOCK_DONE_SECATTR PROBLEM: (94859, 94097) (PATCH ID: OSF440-914) ******** This patch corrects a problem found wherein the rmtmpfiles script would produce errors at startup of the form: dirclean: lstat failure for starting directory: /.osonly_tmp/: No such file or directory The same error would show up nightly from the cleanup commands in root's crontab. The directory will now be created if necessary when the rmtmpfiles script runs. PROBLEM: (67870) (PATCH ID: OSF440-991) ******** This patch eliminates the compiler warnings in ksh. PROBLEM: (IT_G02713) (PATCH ID: OSF440-786) ******** This patch fixes a problem that caused the 4.3BSD socket interface to return incorrect values for IOCTL calls accessing IP alias address information. PROBLEM: (93039, BCGM603V0,) (PATCH ID: OSF440-831) ******** This fix prevents a sign promotion generated by the compiler while comparing 32 bit int variable with 64 bit unsigned long variable. This leads to an incorrect comparison which, in turns, leads to an unnecessary directory lookup warning message on the nfs client when the client receives a directory fileid with bit 31 sign bit on. On a lesser extend, it also causes a slight nfs client caching performance penalty. PROBLEM: (SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF440-771) ******** A potential security vulnerability has been discovered, where under certain circumstances, users can clobber temporary files created by shell commands and utilities (e.g. under /sbin, /usr/sbin, /usr/bin, and /etc). Compaq has corrected this potential vulnerability. PROBLEM: (81126) (PATCH ID: OSF440-776) ******** The sed command may perform very slowly if a regular expression that starts with ".*" is used with line joining operation. This patch fixes this performance problem. PROBLEM: (none, wc.symlink.003.sec_tunables) (PATCH ID: OSF440-791) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (90902, SSRT0788U) (PATCH ID: OSF440-699) ******** When the LANG environment variable is set to a very long string, some applications may crash with memory fault. This patch fixes the problem. PROBLEM: () (PATCH ID: OSF440-701) ******** This patch fixes the predictable TCP Sequence Number. PROBLEM: (BCGMC1CKJ, FR_G03239) (PATCH ID: OSF440-741) ******** This correction avoids a silent infinite loop in vdump by correcting the AdvFS system call OP_GET_BKUP_XTNT_MAP. The call will now return the valid xtntCnt when it fails due to E_NOT_ENOUGH_XTNTS. PROBLEM: (90130) (PATCH ID: OSF440-679) ******** This change is a fix for locking on retry case for multi-threaded select/poll. A panic with the following stack trace is indicative of this problem: PANIC: "thread_block: simple lock owned" panic thread_block() lock_wait lock_write solock soclose soo_close closef selscan do_scan select syscall _Xsyscall PROBLEM: (SSRT2266) (PATCH ID: OSF440-886) ******** A potential security vulnerability has been identified in the HP Tru64 UNIX operating system that may result in denial of service. This may be in the form of local and remote security domain risks. The following potential security vulnerability has been corrected: o SSRT2266 IGMP (Severity - High) PROBLEM: (117-1-17857:CA1Q70314, 89329) (PATCH ID: OSF440-672) ******** Applications that call fread() with large amounts of data may experience excessive I/O activity and slower performance than expected. Also, applications which issue individual fread() calls with a total data size representation that is greater than 32 bits (2^32 of data) will always read less than the requested amount due to a truncation error in fread(). This patch addresses these problems. PROBLEM: (88592, SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF440-905) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (CLD/QAR/SPR, ---------------------, DE_G02338, 85263, 84086) (PATCH ID: OSF440-716) ******** This patch fixes mbuf memory corruption that can cause kernel memory fault panics. PROBLEM: (76393) (PATCH ID: OSF440-802) ******** To avoid a lock hierarchy violation open the clone before loading the extents of the original file. PROBLEM: (87480, 85699, 83921, grow, 85138, than) (PATCH ID: OSF440-726) ******** This patch enhances and fixes the following problems with the collect command: - Fix core-dumping problem when running with the -i0 flag - Reword some of the help messages in the Help() function - Add support for processes whose RSS and/or VSZ grow beyond 4.3G and fix misalignment problem when the RSS/VSZ fields grow beyond 10G. - Detect errors in datafile whose data version is less than 14 and whose recordlen is greater than 65535. PROBLEM: (94382, 94807, FR_G04495, FR_G05021) (PATCH ID: OSF440-922) ******** This patch corrects a problem in AdvFS where it avoids a potential stranded log record in memory that doesn't get out to disk by fixing a race condition. PROBLEM: (90927, SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF440-697) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. In addition the following changes were made: - shell inline input files are more secure - sh noclobber and new constructs added Updated sh, csh and ksh ----------------------- The updated shells in this kit all implement the following changes when processing shell inline input files: - File permissions allow only read and write for owner - If excessive inline input file name collisions occur the the following error message will be returned: "Unable to create temporary file" sh noclobber option and >| , >>| constructs added ------------------------------------------------- A noclobber option similar to that already available with csh and ksh has been added to the Bourne shell. When the noclobber option is used (set -C), the shell behavior for the redirection operators > and >> changes as follows: - For > with noclobber set, sh will return an error rather than overwrite an existing file. If the specified filename is actually a symlink, the presence of the symlink satisfies the criteria "file exists" whether or not the symlink target exists, and sh returns an error. The >| construct will suppress these checks and create the file. - For >> with noclobber set, output is appended to the tail of an existing file. If the filename is actually a symlink whose target does not exist, sh returns an error rather than create the file. The >>| construct will suppress these checks and create the file. ksh noclobber behavior clarified -------------------------------- For > with noclobber set, ksh returns an error rather than overwrite an existing file. If the filename is actually a symlink, the presence of the symlink satisfies the criteria "file exists" whether or not the symlink target exists, and ksh returns an error. The >| construct will suppress these checks and create the file. For >> with noclobber set, output is appended to the tail of an existing file. If the filename is actually a symlink to a non-existent file, ksh returns an error. csh noclobber behavior clarified -------------------------------- For > with noclobber set, csh returns an error rather than overwrite an existing file. If the filename is actually a symlink, the presence of the symlink satisfies the criteria "file exists" whether or not the symlink target exists, and csh returns an error. The >! construct will suppress these checks and create the file. For >> with noclobber set, output is appended to the tail of an existing file. If the filename is actually a symlink to a non-existant file, csh returns an error. The >>! construct will suppress these checks and create the file. PROBLEM: (ZPO148195) (PATCH ID: OSF440-881) ******** This patch adds code to print greater than 61 UNIX domain sockets & change file read errors from /dev/kmem to ignore and continue in a running system. PROBLEM: (HPAQA117F) (PATCH ID: OSF440-692) ******** This patch fixes a problem with fopen. Prior to this fix, fopen would return "File not found" if it ran out of memory while trying to open a file. With this patch, fopen will return "Not enough space" when memory is exceeded. PROBLEM: (SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF440-738) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (76129, 76401) (PATCH ID: OSF440-737) ******** A system can possibly panic when I/O errors occur on an AdvFS directory page. PROBLEM: (90927, SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF440-698) ******** PROBLEM: (90927) (PATCH ID: ) A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (95126) (PATCH ID: OSF440-952) ******** This patch prevents segmentation faults when sia_ses_init is passed a malformed argument vector. This problem was discovered when dxchpwd was passed several -x arguments. The Motif libraries modified the argument vector during intialization. This modified vector eventually caused a segmentation fault in SIA initialization. PROBLEM: (85506, 85749) (PATCH ID: OSF440-663) ******** This patch fixes a potential security problem. PROBLEM: (93623) (PATCH ID: OSF440-819) ******** There are some device driver errors that may succeed if they are retried. This change allows AdvFS to initiate a retry if one of those errors is detected. /sbin/sysconfig -r advfs AdvfsIORetryControl=nn where nn is 0-9 and modifies the number of retries AdvFS will attempt. AdvFS initiated retries are in addition to the retries that the device driver will already be doing. /sbin/sysconfig -q advfs AdvfsIORetryControl will display the current AdvFS initiated retry value. If an I/O fails and it is one of the errors that may be helped by an AdvFS initiated retry, then a message will be written to the console providing information on how to modify AdvFS I/O retry behavior, as well as the current AdvFS retry settings. PROBLEM: (94525) (PATCH ID: OSF440-866) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the sh utility. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (88474, 89240, HPAQ610G9) (PATCH ID: OSF440-661) ******** This patch fixes a problem with the c shell (csh) so that it now correctly recognizes the backslash ('\') meta character. PROBLEM: (DEK063069, BE_G01725, BCSM20DQH, STL351462, BCSM20RBF, HPAQC1VVB, 91815, HPAQ12S9K, BE_G03046) (PATCH ID: OSF440-742) ******** This patch fixes a problem with multi-threaded applications that can cause the application to consume 100% of the CPU usage time. The problem is two-fold: (1) a race condition in posting and delivering signals exists and (2) nxm_idle() fails to clear a condition that keeps it from ultimately blocking as it should when invoked by an idle scheduler thread. PROBLEM: (93714, 88135, 92143, 86119) (PATCH ID: OSF440-874) ******** PROBLEM: audit_tool does not correctly display information for a fcntl F_DUPFD event. PROBLEM: audit_tool -R command causes a core dump. PROBLEM: The audit_tool generates unaligned access messages for the exportfs system call when recording both writeaddrs and rootaddrs vectors. PROBLEM: (93018) (PATCH ID: OSF440-821) ******** This patch fixes a problem in the collect system monitoring tool when it is run in historical mode. Specifically, this patch fixes a parsing problem where the collect system monitoring tool rejects perfectly valid commandline arguments that include the string '0:0' such as 'w0@0:0' PROBLEM: (94301) (PATCH ID: OSF440-841) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the ksh utility. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (74585, BCSM41PFG, BCSM9074) (PATCH ID: OSF440-664) ******** This patch corrects the problem with csh(1) where if a non-root user performed an ls(1) with wild card characters on a directory having permission 700, then it would display the invalid error message, "Glob aborted." Now it displays the correct error message of "Permission denied". PROBLEM: (93382) (PATCH ID: OSF440-809) ******** This problem only occurs when Access Control Lists (ACLs) are enabled. It only occurs on AdvFS filesystems. If there is a Default Access ACL on a directory and a symbolic link is created in the directory the permissions on the symbolic link will appear to be the permissions from the Default Access ACL when you look at the permissions, e.g. with ls(1) or stat(2). Permissions are ignored for symbolic links, so access through the symbolic link is not affected. With this patch, new symbolic links created will show the proper permissions, rwxrwxrwx (777). PROBLEM: (85223, 84579) (PATCH ID: OSF440-676) ******** This patch corrects an NFS hang when the delayed option is used with the mount command. PROBLEM: (92468, 93276, 93877) (PATCH ID: OSF440-833) ******** This patch fixes two problems in the "ee" driver for DE60x 10/100 Ethernet adapters. These problems affect all Tru64 systems containing DE60x network interfaces. (1) A panic can occur while a system is rebooting if the "ee" driver is actively receiving data when its shutdown routine is called. This fix prevents buffers from being freed while they are still in use. (2) Occasionally a packet can stall in the send queue instead of being transmitted. It will be pushed onto the wire by the next packet that is transmitted. This fix prevents packets from stalling in the send queue. PROBLEM: (82734, 88992, 93322, 93499) (PATCH ID: OSF440-806) ******** Problem 1: The new_wire_method problem is a conflict between light weight wiring of segmented shared memory (ssm) and direct io. The problem can manifest itself in one of two ways: - Oracle users receive "Cannot connect to Oracle" error message - System performance degrades when users try to disconnect from Oracle Problem 2: The kernel malloc problem has only be seen with the ARMTech software and the panic is due to a malloc request size of zero. Stack trace follows: 1 panic src/kernel/bsd/subr_prf.c:1299 2 event_timeout src/kernel/arch/alpha/cpu.c:2322 3 printf src/kernel/bsd/subr_prf.c:984 4 panic src/kernel/bsd/subr_prf.c:1356 5 malloc_internal src/kernel/bsd/kern_malloc.c:1602 6 arm_db_load_keys database_files.c:208 7 read_tier structure_manager.c:401 8 read_definitions structure_manager.c:235 9 arm_db_new_structure structure_manager.c:679 10 arm_db_Initialise database_manager.c:449 11 ARMTsupport_configure export/build/ARM1_0-T64-Release1_0/ARMTech/src/ arch/Tru64/kern/common/support_module.c:239 12 subsys_conf src/kernel/bsd/subsys_conf.c:2529 13 kmodcall src/kernel/bsd/kern_kmodcall.c:317 14 syscall src/kernel/arch/alpha/syscall_trap.c:725 15 _Xsyscall src/kernel/arch/alpha/locore.s:1870 PROBLEM: (94599) (PATCH ID: OSF440-880) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the telnetd daemon. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (FR_G03596, DK_G03587, 85043, 85680, 88962, 88967, 90177) (PATCH ID: OSF440-794) ******** System may panic with: u_anon_free: page busy and the following stack trace: 0 boot 1 panic 2 u_anon_free 3 u_anon_unmap 4 u_map_delete 5 vm_map_exit 6 exit 7 syscall 8 _Xsyscall This is due to I/O clustering leaving pages held in certain code paths. PROBLEM: (SSRT2275) (PATCH ID: OSF440-984) ******** This patch provides protection against a class of potential security vulnerabilities called buffer overflows. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. This patch allows a system administrator to enable memory management protections that limit potential buffer overflow vulnerabilities. PROBLEM: (95011) (PATCH ID: OSF440-951) ******** The following corrections are made to the tar program - when a trailing slash is presented to the extract (-x) and list (-t) options the specified directory will be restored without its contents. - when a directory specification includes more than one trailing slash the create (-c) option will now strip extra slashes before writing the directory name to the archive. PROBLEM: (90180, GROWTH) (PATCH ID: OSF440-685) ******** In programs that use both malloc and mmap, malloc can sometimes allocate very large amounts of memory from the kernel, more than 100 times the amount of memory requested. This causes unnecessary use of swap space. This patch fixes malloc's overallocation of memory. PROBLEM: (95529) (PATCH ID: OSF440-987) ******** PROBLEM: a kernel mmemory fault panic occurs in the audcntl routine (kern_auditcalls.c) the first time the audit daemon attempts flush its kernel buffers to the audit log at user selected frequency (auditd -d freq). This problem may also occur when the audcntl syscall GET_DATALEN function is used from a privileged user id. PROBLEM: (KAOB74580) (PATCH ID: OSF440-884) ******** This patch corrects a problem with could result either in the panic of a cluster member or in inconsistent data when the sbcompress_threshold configurable is set. PROBLEM: (81512) (PATCH ID: OSF440-814) ******** This problem will only be seen if you mmap a file with the MAP_PRIVATE flag. The time that it takes for the msync system call to complete will grow exponentially with the range that is passed in. With files that are a gigabyte or more, the msync call can take several minutes to complete. This patch signifigantly decreases the amount of time that msync takes to complete. PROBLEM: (87975, SSRT0711U) (PATCH ID: OSF440-876) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. HP has corrected this potential vulnerability. PROBLEM: (79003, 79387, 86209, 92262, 95414) (PATCH ID: OSF440-1034) ******** This patch fixes several potential system crash problems in the "lfa" driver for DAPBA and DAPCA ATM adapters. Sometimes when halting or rebooting a system that is currently using a DAPBA or DAPCA ATM adapter, the system will crash. This does not happen consistently; a system may reboot successfully many times without triggering this problem. A panic can occur in this driver under some circumstances that are not well understood. This patch includes a fix so that even in these rare cases the system will not crash. PROBLEM: (94224) (PATCH ID: OSF440-903) ******** PROBLEM: Some CDROM media created by third party software can be mounted, but not viewed with commands such as ls() or find(). PROBLEM: (BCGMA1Q9S, 89434) (PATCH ID: OSF440-707) ******** This patch fixes a problem where decreasing the smoothsync_age does not always have an effect. PROBLEM: (TKT327302) (PATCH ID: OSF440-907) ******** This patch fixes a problem in the kernel network subsystem that caused a kernel memory fault panic in the routine m_adj(). PROBLEM: (90264, 90340) (PATCH ID: OSF440-1001) ******** PROBLEM: When the disk is nearly full and the BMT needs to be extended, if the extension failed, the system would panic with a message like the following: ftx_done_urdr: handle level N1 doesn't match ftx lvl N2 This problem is now fixed. PROBLEM: If a disk is very fragmented and we try to extend the BMT (e.g because we are creating new files), the extension might fail even though there is disk space left and the BMT has not reached its theoretical maximum number of extents (about 680). In some cases, the number of extents in the BMT was as low as 200. This fix ensures that we will not fail the BMT extension unless we have reached the theoretical maximum number of extents. Note that the extension can still fail if we run up against this maximum, even though there might be disk space left. PROBLEM: (92205, 82981) (PATCH ID: OSF440-799) ******** This change fixes kernel memory faults caused by ufs_sync_int accessing an inactivated or de-allocated vnode. In irefresh the MOUNT_VLIST_LOCK is dropped when calling vgone and iget. The mounted vnode list could change during this time and the pointer to the next vnode could become invalid causing a Kernel Memory Fault panic. PROBLEM: (85698) (PATCH ID: OSF440-757) ******** This patch provides a fix for QAR 85698 where the collect utility does not reproduce the CPU-type correctly. The collect utility has been updated from Version 2.0.2 to 2.0.3 PROBLEM: (89979) (PATCH ID: OSF440-1004) ******** Patch eliminates compiler warnings in 'ksh'. PROBLEM: (82569, PTR) (PATCH ID: OSF440-748) ******** The child process of a fork() can deadlock during pthread reinitialization. This might happen when old threads are being cleared and the TSD (Thread Specific Data) deconstructors are called. These destructors call malloc free and can deadlock within libc, because libc mutexes are still locked for the fork. The child process will deadlock over an internal DECthreads scheduler mutex. The result may be a DECthreads bugcheck containing information similar to the following: %DECthreads bugcheck (version V3.16-028), terminating execution. % Reason: krnMcsLock: deadlock detected, cell = 0x3ffc01b1330 % Running PROBLEM: (88588) (PATCH ID: OSF440-889) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (93904) (PATCH ID: OSF440-816) ******** When an application which is linked against libpthread calls dlclose, some libc internal exception handling information is not freed. Although it is a small amount of memory lost on each dlclose operation, applications which repeatedly open and close libraries may notice this problem. This patch corrects the problem. PROBLEM: (HPAQ20H9Q) (PATCH ID: OSF440-754) ******** This fix corrects a problem where df was showing negative values for large nfs filesystems. PROBLEM: (90214, 90549) (PATCH ID: OSF440-687) ******** This patch fixes a kernel memory fault due to a bug in kernel code. A typical stack trace that could be an indication of this problem appears as the following: > 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 1346 1 panic src/kernel/bsd/subr_prf.c : 1296 2 event_timeout src/kernel/arch/alpha/cpu.c : 2212 3 printf src/kernel/bsd/subr_prf.c : 981 4 panic src/kernel/bsd/subr_prf.c : 1353 5 trap src/kernel/arch/alpha/trap.c : 2266 6 _XentMM src/kernel/arch/alpha/locore.s : 2143 7 free src/kernel/bsd/kern_malloc.c : 2164 8 semop src/kernel/bsd/svipc_sem.c : 1424 9 syscall src/kernel/arch/alpha/syscall_trap.c : 725 10 _Xsyscall src/kernel/arch/alpha/locore.s : 1814 PROBLEM: (82676, 83023, 89034, 83595, 86613, 87468, 90044, 90078, 92134) (PATCH ID: OSF440-1005) ******** This submit request fixes the following problems 1)Now tar command displays error upon any write errors. 2)tar/pax/cpio now have option not to alter ctime of input files upon creating the archive. And displays a warning message in case if not able to preserve the time for pax/cpio. 3)pax -l option creates hard links whenever possible 4)cpio -m does not overwrite the destination file if it has same mtime as of source file. 5)tar -o option makes sure now that all files will be owned by current user and not the user from archive, even for symlinks. 6)cpio handles files owned by users with exteneded uids properly. 7)pax handles directories which has ACL on them properly now. 8)tar works fine now with long filenames. PROBLEM: (93730, SSRT0845U) (PATCH ID: OSF440-835) ******** A potential security vulnerability has been identified in the HP Tru64 UNIX operating system which may result in non-privileged users gaining unauthorized access to files or privileged access on the system. This potential vulnerability may be in the form of a local and remote security domain risk. Cross Reference: VU#809347 The following potential security vulnerability has been corrected: o SSRT0845U stdio file descriptors (Severity - High) PROBLEM: (92479, BCGM30G4Q) (PATCH ID: OSF440-772) ******** "An "mcs_lock: lock aready owned by cpu" system panic occurs against task-lock for applications that directly call nxm_get_bindings. An example stack trace may be: 4 panic 5 simple_lock_fault 6 mcs_lock_state_violation 7 task_hold 8 thread_ex_check 9 sigexit 10 psig 11 trap 12 _XentMM PROBLEM: (88758) (PATCH ID: OSF440-673) ******** The routine msfs_unmount() could cause a hang if the underlying filesystem is currently busy. PROBLEM: (88561) (PATCH ID: OSF440-854) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. HP has corrected this potential vulnerability. PROBLEM: (95049, TKT370920) (PATCH ID: OSF440-997) ******** This patch addresses three basic issues: 1) The TCP window has been increased from 96 KB to 500 KB for performance improvements. 2) This patch will have the netisr thread dynamically estimate the reply size and subsequently reserve the space in the socket buffer. 3) A new timeout check has been added to notice when the data hasn't been ACKnowledged in 30-50 seconds and copies those buffers. This will allow the UBC to free up those mbufs and not tie them up. PROBLEM: (89814, 117-1-18182) (PATCH ID: OSF440-688) ******** This patch corrects a problem in which ksh fails to substitute the tilde (~) character for a user's home directory after an assignment using the "#" or "%" characters has been used. PROBLEM: (94214) (PATCH ID: OSF440-933) ******** This patch allows the collect monitoring tool to recognize and gather KZPCC disk statistics. PROBLEM: (94251, 94298) (PATCH ID: OSF440-832) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (95294) (PATCH ID: OSF440-966) ******** For sites which have either the /tmp or /var/tmp filesystem as a separate AdvFS domain, the nightly dirclean entries in root's crontab file previously generated error messages for failures to remove these entries. The /usr/sbin/dirclean utility no longer attempts to remove the .tags directory or the quota.group and quota.user files. (For UFS filesystems, dirclean will still remove a .tags directory normally.) PROBLEM: (DE_G02016) (PATCH ID: OSF440-719) ******** In ubc_page_alloc() if there are a lot of pages in excess we can loop for long time especially if there are a lot of clean pages. The object lock is not dropped. We panic with simple_lock_timeout. PROBLEM: (HPAQA117F, 91886) (PATCH ID: OSF440-727) ******** This patch fixes a problem with strerror where buffers could not be allocated. The problem is occurs when a user exhausts memory, then, tries to use strerror to get the error string. Instead of the error string, the user gets a NULL return result from strerror. PROBLEM: (37500) (PATCH ID: OSF440-992) ******** Patch makes start up scripts in /sbin/init.d world readable. PROBLEM: (HPAQ70382) (PATCH ID: OSF440-895) ******** Fix for kernel memory fault panic in the IP multicast loopback code. One would only see this panic if there are IP multicast packets while someone is using packetfilter to monitor the interface. 4 panic src/kernel/bsd/subr_prf.c : 1353 5 trap src/kernel/arch/alpha/trap.c : 2266 6 _XentMM src/kernel/arch/alpha/locore.s : 2143 7 _OtsMove src/kernel/arch/alpha/ots_move_alpha.s : 1762 8 m_copydata src/kernel/bsd/uipc_mbuf.c : 865 9 eestart_locked src/kernel/io/dec/netif/if_ee.c : 4839 10 eestart src/kernel/io/dec/netif/if_ee.c : 4530 11 ether_output src/kernel/net/if_ethersubr.c : 1624 12 ip_output src/kernel/netinet/ip_output.c : 998 13 udp_output src/kernel/netinet/udp_usrreq.c : 1954 14 udp_usrreq src/kernel/netinet/udp_usrreq.c : 2153 15 sosend src/kernel/bsd/uipc_socket.c : 3109 16 sendit src/kernel/bsd/uipc_syscalls.c : 1154 17 sendto src/kernel/bsd/uipc_syscalls.c : 869 18 syscall src/kernel/arch/alpha/syscall_trap.c : 725 19 _Xsyscall src/kernel/arch/alpha/locore.s : 1814 PROBLEM: (93744, 93747, 94094, 94139, 94123, SSRT2190, SSRT2192, SSRT2257, SSRT2259, SSRT2262) (PATCH ID: OSF440-826) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the chfn, chsh, or passwd utilities. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (BCGM51RKR) (PATCH ID: OSF440-715) ******** This addresses a kernel memory fault panic in malloc_thread(). panic() trap() _XentMM() malloc_thread() PROBLEM: (87371) (PATCH ID: OSF440-680) ******** This patch corrects locking problems in vclean(). PROBLEM: (DE_G03130, 91613) (PATCH ID: OSF440-785) ******** This patch fixes heap and stack limitations in the older O.S. versions required for SAP. PROBLEM: (88424, 88447, 88485, 88536, SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF440-810) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (92820) (PATCH ID: OSF440-834) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. HP has corrected this potential vulnerability. PROBLEM: (92818) (PATCH ID: OSF440-836) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. HP has corrected this potential vulnerability. PROBLEM: (92041) (PATCH ID: OSF440-906) ******** Systems configured with VX1 graphics cards will not switch the graphics head display to VGA text mode. When the Xserver window system is running, VGA text display mode should be restored when the halt button is pressed. Console commands can then be echo'd to the VGA display for diagnostic purposes. Without this fix, the console commands will not be displayed. PROBLEM: (87224) (PATCH ID: OSF440-875) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. HP has corrected this potential vulnerability. PROBLEM: (72225, 82023) (PATCH ID: OSF440-714) ******** This patch corrects a race condition which could result in a failure to set the modification time of a file. This occurs only on a ufs filesystem. PROBLEM: (STL428023) (PATCH ID: OSF440-829) ******** Do no initialize USB Hub on systems where USB is not supported. This avoids a rare KMF where the faulting virtual address and pc are : fault_va = 0x6275685f627374 = "usb_hub" fault_pc = 0x6275685f627374 = "usb_hub" PROBLEM: (88758) (PATCH ID: OSF440-689) ******** This patch adds an initialization of a variable setp necessary for an earlier patch v40fsupportos-673-bfritz. PROBLEM: (93488, 93445, 93446, 93447, 93448, 93449, 93524) (PATCH ID: OSF440-915) ******** This patch prevents a situation where the system will panic when certain system calls are made with bad input. PROBLEM: (93003) (PATCH ID: OSF440-818) ******** This patch alleviates a temporary hang/pause condition seen when forking or running down an application with several child processes, from a parent process having an extremely large number of unique or discontigous memory allocations. The temporary hang/pause occurs during the forking or run-down of child processes belonging to a parent process with an extremely large number of map entries (>30000). The hang is the result of having to inherit or remove the extensive list of map entires to or from the child process while other activity is taking place against the process address space. The hang/pause condition is only temporary and should eventually make forward progress. The length of the hang is related to the number of map entries the parent process has and the number of child processes involved. The larger the number of map entries and the more child processes involved, the longer the hang. Map entries are descriptors that describe the various parts of a processes address space. A map entry is created for each unique or non-adjacent address space that is created. Depending on which CPU the forking or exitting process is running on, the hang may cause telnet or ping requests to also hang temporarily. PROBLEM: (117-1-19056) (PATCH ID: OSF440-783) ******** This fix corrects a problem in which ksh did not clean up the processes associated with a terminal once the window was closed. PROBLEM: (91618) (PATCH ID: OSF440-973) ******** When enhanced core file naming is on, an incorrect msg is printed when core dumps. The message file has been modifed accordingly to correct this problem. PROBLEM: (90369, FR_G02425) (PATCH ID: OSF440-691) ******** This patch fixes a problem with ksh. When a ksh menu is started from within user's .profile, ksh will not stop when the telnet session is stopped. PROBLEM: (HGO091469, 87558) (PATCH ID: OSF440-702) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This could result in a panic with the string: "lock_clear_recursive: recursion not enabled." Compaq has corrected this potential vulnerability. PROBLEM: (BCGM6022J, BCGM704G5, BCGM704G8, 93947) (PATCH ID: OSF440-871) ******** This patch corrects the problem where telnetd leaves an extra udp port open. PROBLEM: (91871, none) (PATCH ID: OSF440-808) ******** This problem will only appear if rt_preempt_opt is set to 1. Invalidating a portion of a very large file, via a call to ftruncate for example, can make the filesystem appear hung. Other programs that attempt to access that filesystem will hang until the original invalidation completes. PROBLEM: (89295, 89838) (PATCH ID: OSF440-733) ******** PROBLEM: (89295, 89838) (PATCH ID: ) DEGPA and NetRAIN ----------------- DEGPA adapters will cease to communicate occasionally in a NetRAIN configuration. Investigation via ifconfig will reveal the MAC (HWaddr) addresses are the same, which is not a valid configuration. # ifconfig -va alt0: flags=c63 NetRAIN Virtual Interface: nr1 NetRAIN Attached Interfaces: ( alt0 alt1 ) Active Interface: ( alt0 ) HWaddr 0:60:6d:21:24:7b alt1: flags=c63 NetRAIN Virtual Interface: nr1 NetRAIN Attached Interfaces: ( alt0 alt1 ) Active Interface: ( alt0 ) HWaddr 0:60:6d:21:24:7b DEGPA and vMAC -------------- DEGPA adapters have not previously supported vMAC (for example with cluster alias). Clients within same subnet as cluster alias are not able to ping nor telnet their cluster alias due to the vMAC address not responding. PROBLEM: (92819) (PATCH ID: OSF440-843) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. HP has corrected this potential vulnerability. PROBLEM: (94442) (PATCH ID: OSF440-850) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the dxterm utility. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (95001) (PATCH ID: OSF440-967) ******** Memory leaks are avoided in bourne shell. PROBLEM: (DEK035065, 87183, 77549) (PATCH ID: OSF440-721) ******** This patch corrects a Kernel Memory Fault that could result from an inp pointer disappearing when the listen socket is in the process of closing at the same time a new connection is establishing. An example stack trace might look like: crash> tf > 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 585 1 panic src/kernel/bsd/subr_prf.c : 751 2 event_timeout src/kernel/arch/alpha/cpu.c : 1159 3 xcpu_puts src/kernel/bsd/subr_prf.c : 895 4 printf src/kernel/bsd/subr_prf.c : 423 5 panic src/kernel/bsd/subr_prf.c : 804 6 trap src/kernel/arch/alpha/trap.c : 1707 7 _XentMM src/kernel/arch/alpha/locore.s : 1677 8 tcp_input src/kernel/netinet/tcp_input.c : 913 9 ipintr src/kernel/netinet/ip_input.c : 1222 10 netisr_thread src/kernel/net/netisr.c : 1181 PROBLEM: (BCSM31TQK) (PATCH ID: OSF440-787) ******** This patch fixes a problem where calling send() with the AIO flags set can cause the system to panic with a kernel memory fault in the "aio_send" code. PROBLEM: (88982) (PATCH ID: OSF440-976) ******** The more command dumps core when given both a non-existing file and a non-empty file with long filename. Eg: Let 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX' be existant file with long file name( the filename should be long enough to cross the number of columns on the screen) under /tmp and 'text' be a non-existant file. $ more text /tmp/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXX text:No such file or directory. /tmp/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXX(PRESS RETURN)segmentation fault (core dumped). PROBLEM: (92275) (PATCH ID: OSF440-963) ******** ARP request for a permanent ARP entry is ignored, user cannot connect from remote system. Using non-permanent ARP works fine. The ARP request packet was inadvertently dropped, so no reply was sent. Fixed by not dropping ARP request packets, only ARP reply packets. PROBLEM: (93643) (PATCH ID: OSF440-882) ******** Fixed two code paths where we could accidentally lookup the unspecified address (0.0.0.0), find an ARP entry for it, and start the timer ticking away on it eventually causing a panic. PROBLEM: (95085, SSRT2384) (PATCH ID: OSF440-957) ******** A potential security vulnerability has been discovered in the HP Tru64 UNIX operating system that may result in a Denial of Service (DoS). This potential vulnerability may be in the form of local and remote security domain risks. The following potential security vulnerability has been corrected: SSRT2384 rpc (Severity - High) PROBLEM: (93126, 93724) (PATCH ID: OSF440-813) ******** Excessive FIDS_LOCK contention is observed when large number of files using system based file locking. Result from "lockinfo -sort=misses -d 20 -f 200 -p 25 -l 20" will shows at the top of the list with a high miss rate. PROBLEM: (91884, SSRT1-45U) (PATCH ID: OSF440-743) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (FR_G04662) (PATCH ID: OSF440-867) ******** This patch corrects a problem which could result in an alias IP address being incorrectly promoted to being the primary address when another alias is removed. PROBLEM: (85854) (PATCH ID: OSF440-815) ******** Bourne shell has a major problem when you use type utility. When you run type utility with file path of more than 69 chars, then sh generates invalid memory reference, and thus causes memory fault. When ever memory fault is generated, it calls the signal hadler fault() routine, and this intern calls growstack() routine. When multiple times called fault(), and growstack drastically increases stack area, and thus this process will not allow other process to make use of swap space. Hence, all applications will shutdown, and system hangs. The problem is so happened that static char array size msgbuf[128] is used to store standard o/p of type utility. When file path is 69 characters, then overall o/p of type utility will become more than 128 chars and thus running out of space. To avoid this problem have allocated memory dynamically of size standard o/p of type utility. Steps to reproduce: ------------------- #mkdir -p caopreprod/apl/dec04/fluent/fluent5.3/alpha/3d_node #touch caopreprod/apl/dec04/fluent/fluent5.3/alpha/3d_node/fluent_smpi.5.3.18 #chmod +x caopreprod/apl/dec04/fluent/fluent5.3/alpha/3d_node/fluent_smpi.5.3.18 # type sh sh is /sbin/sh # sh # type caopreprod/apl/dec04/fluent/fluent5.3/alpha/3d_node/fluent_smpi.5.3.18 > -> swap space below 10 percent freeswap space below 10 percent free Unable to obtain requested swap space Unable to obtain requested swap space no space PROBLEM: (BCSM218KR) (PATCH ID: OSF440-746) ******** This patch fixes a problem with dataless client failure over a network and also corrects a problem with bootable tape devices potentially failing due to a kernel memory fault. PROBLEM: (BCSM71HXG) (PATCH ID: OSF440-669) ******** Correction in cron to correctly handle backslashes included "\" commands so that crontab and /dev/console output do not include backslashes. PROBLEM: (89465, 89744, INVALID, 90057, 90077, 90272) (PATCH ID: OSF440-735) ******** The patch updates the emx driver to v2.03 and fixes a problem which could cause an emx driver panic during adapter resets. PROBLEM: (KAOB83087) (PATCH ID: OSF440-912) ******** This patch fixes a one byte gap/hole in the maximun size in the tar command before an extended header record is used (8589934591 (octal 77777777777)). PROBLEM: (84839) (PATCH ID: OSF440-749) ******** When displaying unlinked references, output the reference flag to indicate the type of reference. This is helpful in the case of closed, unlinked, and mmapped references. PROBLEM: (91602, 92396) (PATCH ID: OSF440-770) ******** The cdfs file system, based upon ISO9660 format, limited the size of the file system to 2.1GB which is less than the available space offered by DVD media formatted for ISO9660. This patch allows access to the full capacity of DVD media when utilizing an ISO9660 formatted file system on it. PROBLEM: (SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF440-728) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (95046) (PATCH ID: OSF440-942) ******** A panic can occur when reading granularity hint memory from another process via the procfs interface. Typical stack trace as follows: 4 panic 5 trap 6 _XentMM 7 vm_handle_if_gran_hint 8 procfs_read 9 vn_read 10 rwuio 11 read 12 syscall 13 _Xsyscall PROBLEM: (DE_G02010, 89577, 90046) (PATCH ID: OSF440-667) ******** This patch fixes a problem when there is a "hole" in the virtual disk array. When this occurs, the disk partition "appears" in the output even though it doesn't exist. The error output produced comes from advscan where it shows domains existing when they don't (the hole). Additionally, the mount -o dual produces an I/O error. This looks like: # /sbin/advfs/advscan rz2 Scanning devices /dev/rrz2 Found domains: d Domain Id 3b38b962.00094a1e Created Tue Jun 26 18:33:38 2001 Domain volumes 2 /etc/fdmns links 2 Actual partitions found: rz2d rz2f rz2g* <----- Partition g still has the old domain ID! d1 Domain Id 3b38ba1a.000cfffa Created Tue Jun 26 18:36:42 2001 Domain volumes 2 /etc/fdmns links 2 Actual partitions found: rz2e And: # mount -o dual d1#1 /mnt1 Dual mounting a split mirror AdvFS filesystem. This takes a short while to update the domain's ID. d1#1 on /mnt1: I/O error PROBLEM: (AT_G02038) (PATCH ID: OSF440-696) ******** This patch fixes a problem which can result in a panic, hang, or corruption from vnode deallocation during an unmount. This also fixes a 'VFS_UNMOUNT panic' upon unmount. PROBLEM: (90927, SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF440-694) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (94247) (PATCH ID: OSF440-840) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the csh utility. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (UVO58439K) (PATCH ID: OSF440-724) ******** This patch fixes a problem of incorrect default route modification in which there is a race condition between gated startup and installation of static routes. PROBLEM: (89053) (PATCH ID: OSF440-740) ******** The error path in xfer_xtnts_to_clone() could cause the following two panic messages: "bs_real_invalidate_pages(#): buf refd or pinned" "bs_purge_dirty: buf refd or pinned" PROBLEM: (95264, SSRT2412) (PATCH ID: OSF440-1017) ******** A potential security vulnerability has been discovered that may result in a denial of service (DoS) on RPC-based HP Tru64 UNIX servers with Enhanced Security (C2) enabled. This potential security vulnerability may be in the form of local and remote security domain risks. SSRT2412 portmapper with Enhanced Security (C2)enabled (Severity - High) PROBLEM: (77830) (PATCH ID: OSF440-758) ******** New log changes increased parallelism and uncovered this bug. The #ifdefs are backwards in the page validation routine. This can happen when a page is unpinned for the first time and an ftx_fail causes a read of that log page. PROBLEM: (85855) (PATCH ID: OSF440-777) ******** This patch fixes a problem with RLIMIT_DATA process limits when running fsck on a large file system. PROBLEM: (94450, SSRT2309) (PATCH ID: OSF440-855) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the xdr library, which is used by the rpc library. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (90468) (PATCH ID: OSF440-690) ******** This patch fixes a potential race condition in the Virtual Memory subsystem. The race condition is between the vm_page_prewrite() and vm_page_stealer() routines. There is a small window where both of those routines, running in different kernel threads, can get access to the same page on the inactive list. Once this happens, one thread will try to "clean" the page because it's modified, while the other thread will simply "free" the page because the first thread cleared the modified state. This quickly results in a crash involving the VM page lists. The crash on a V4.0F system where this problem was originally reported was a "kernel memory fault" although other types of crashes are likely. Here is the stacktrace from the V4.0F crashdump that this srequest addresses: crash> tf : 5 panic src/kernel/bsd/subr_prf.c : 804 6 trap src/kernel/arch/alpha/trap.c : 1760 7 _XentMM src/kernel/arch/alpha/locore.s : 1741 8 vm_page_clean_in_place_done src/kernel/vm/vm_pagelru.c : 1650 9 vm_async_swdone_lwc src/kernel/vm/vm_swap.c : 1230 10 lwc_schedule src/kernel/bsd/lwc.c : 172 11 thread_block src/kernel/kern/sched_prim.c : 2207 12 xpt_callback_thread src/kernel/io/cam/xpt.c : 3201 In this crash, the vm_page_clean_in_place_done() routine was called (indirectly) as a result of an I/O-completion for the page being written to the swap device. The vm_page_clean_in_place_done() expected to remove the page from the inactive list and put it on the free list. However, since the vm_page_stealer() had already earlier "freed" the page, the page now belonged to Advfs and was now on the UBC lists. With the page on the UBC list, the "p" pointers are null and the vm_page_clean_in_place_done() routine crashes when it invokes the VM_PAGE_QUEUES_REMOVE(pp) macro. PROBLEM: (TKT200039, QAR88885) (PATCH ID: OSF440-662) ******** This patch eliminates a Simple Lock Time Limit Exceeded due to the IoQueueMutex being held in bs_real_invalidate_pages. The following data is relevant to identifying this situation: (From pmsgbuf) lock class name: IoQueueMutex current lock state:0xc00000ad003ec215 (cpu=0,pc=0xfffffc00003ec214,busy) The pc above is in the routine bs_real_invalidate_pages. There is a running thread which has that routine in its stack before being interrupted by the forced crash. PROBLEM: (94472, SSRT2301) (PATCH ID: OSF440-860) ******** A potential security vulnerability has been discovered in the HP Tru64 UNIX operating system, where under certain circumstances, system integrity may be compromised through improper file access (overwriting of files). This potential vulnerability is in the form of a local security domain risk. The following potential security vulnerability has been corrected: o SSRT2301 uudecode (Severity - Medium) PROBLEM: (FR_G01637) (PATCH ID: OSF440-755) ******** To avoid a form of log corruption we no longer reuse log pages. In one case this corruption resulted in a system hang caused by a huge, unreasonable malloc. PROBLEM: (SE_G04310, DSATL0S0X) (PATCH ID: OSF440-865) ******** This patch corrects a problem introduced in a prior patch which can result in a system panic when outputting through the packet filter. PROBLEM: (92353, BCPM30LC8) (PATCH ID: OSF440-830) ******** Errors occur when running SAS. PROBLEM: (81917, 95245) (PATCH ID: OSF440-949) ******** This patch address 2 issues. 1) When file system is full (/var) and crontab is issued to edit the crontab entries, earlier it use to truncate the entries. Now it performs check on whether the new entries are copied before replacing the existing entries 2) If a file system is full and we are editing a file in 'vi', then there is a possibility that file gets truncated upon write operation. Now vi has been modified to handle this scenario by reserving the blocks required ahead. If it fails in reserving the blocks, it comes out with error without truncating the existing file. PROBLEM: (BCPMA0L7X) (PATCH ID: OSF440-708) ******** This patch fixes an "unaligned access" panic when attempting to free or malloc memory from the 512 byte kernel memory bucket (bucket 5). A typical stack trace of the panicing thread looks like the following. 5 panic src/kernel/bsd/subr_prf.c : 804 6 afault_trap src/kernel/arch/alpha/trap.c : 2594 7 _XentUna src/kernel/arch/alpha/locore.s : 1863 8 free_trim src/kernel/bsd/kern_malloc.c : 1624 9 free src/kernel/bsd/kern_malloc.c : 1677 10 getnewvnode src/kernel/vfs/vfs_subr.c : 1985 11 get_n_setup_new_vnode src/kernel/msfs/bs/bs_access.c : 3326 12 rbf_access_one_int src/kernel/msfs/bs/bs_access.c : 2803 13 rbf_access_int src/kernel/msfs/bs/bs_access.c : 2608 14 rbf_vfs_access src/kernel/msfs/bs/bs_access.c : 2458 15 bf_get_l src/kernel/msfs/osf/msfs_misc.c : 1321 16 msfs_lookup src/kernel/msfs/osf/msfs_lookup.c : 839 17 namei src/kernel/vfs/vfs_lookup.c : 610 18 stat1 src/kernel/vfs/vfs_syscalls.c : 3087 19 lstat src/kernel/vfs/vfs_syscalls.c : 3067 20 syscall src/kernel/arch/alpha/syscall_trap.c : 627 21 _Xsyscall src/kernel/arch/alpha/locore.s : 1505 PROBLEM: (DE_G02408, 90319) (PATCH ID: OSF440-705) ******** This patch fixes a kernel build failure seen during an Update Installation from CD-ROM. The problem affects systems whose default time zone (/etc/zoneinfo/localtime) is not in North or South America. For example, this problem affects a system in Germany running V4.0F with the symbolic link /etc/zoneinfo/localtime pointing to ./Europe/Berlin. After the installupdate command loads the new subsets and the system reboots from the new generic kernel, the custom kernel build fails with this message: Make: Don't know how to make kern/lockinfo.c PROBLEM: (SSRT2275) (PATCH ID: OSF440-965) ******** Chatr (Change Attribute) is a new tool which can enable or disable execution from data (stack or heap) by changing a binary's file attribute. This patch provides protection against a class of potential security vulnerabilities called buffer overflows. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. This patch allows a system administrator to enable memory management protections that limit potential buffer overflow vulnerabilities. PROBLEM: (93451) (PATCH ID: OSF440-1026) ******** After installing V4.0F Patch Kit 7 (BL18), gettimezone fails to correctly present the time zone choices menu. PROBLEM: (96000) (PATCH ID: OSF440-1048) ******** The problem caused a crash on reboot when running in lockmode 4 PROBLEM: (84770) (PATCH ID: OSF440-1053) ******** The cylinder summary area of UFS was created with a static capacity of 256k. This limits the total number of cylinder groups to 16384 which may be less than the number of cylinder groups required for a large file system of approximately 800gb or more. This can cause system panics when attempting to access data beyond cyl group 16K. PROBLEM: (96196) (PATCH ID: OSF440-1065) ******** This fixes a problem in the Network startup script where we could fail to configure an interface with an IP address. PROBLEM: (96183) (PATCH ID: OSF440-1063) ******** /usr/bin/csh was picking wrong message catalog entry from the translated message catalog when LANG set to japanese locale. Patch fixes this problem. PROBLEM: (96333, SSRT2323) (PATCH ID: OSF440-1070) ******** Fix to close a security hole described in SSRT2323. I have included the relevant exerpts below. II. Problem Description A few system calls were identified that contained assumptions that a given argument was always a positive integer, while in fact the argument was handled as a signed integer. As a result, the boundary checking code would fail if the system call were entered with a negative argument. III. Impact The affected system calls could be called with large negative arguments, causing the kernel to return a large portion of kernel memory. Such memory might contain sensitive information, such as PROBLEM: (221-1-931) (PATCH ID: OSF440-1020) ******** This patch fixes the problem encountered with the Bourne shell when a filename with trailing slash ("/") is used as an argument to the command. PROBLEM: (95536) (PATCH ID: OSF440-1024) ******** This patch corrects a NIS client hang sometimes seen when trying to connect with some third party NIS servers that only support the V2 NIS protocol. PROBLEM: (90390, 94386, 96169, 96295, BCGM400N5) (PATCH ID: OSF440-1076) ******** This patch fixes four problems in the "ee" driver for DE60x Ethernet adapters: 1. Previous versions of the driver would use a full-size buffer for the range of packet lengths from 64-1518 bytes. This patch allows the driver to copy into a small buffer when appropriate to prevent the driver from consuming excessive amounts of memory. 2. A timing window was identified which could result in the occurance of a transmit timeout. The window was closed to prevent the problem. 3. Flow control is now enabled by default in the driver to reduce the possibility of dropping frames. 4. The default size of the receive ring was increased from 32 to 256 entries to enhance receive performance and mitigate the possibility of dropping frames. PROBLEM: (96593) (PATCH ID: OSF440-1088) ******** This patch fixes IO hangs that occur on fibre channel when multiple ports are removed from the fabric simultaneously. Example triggers of this problem include the loss of a non-adjacent switch on a multi-switch SAN or an unexpected powering down of a storage device. PROBLEM: (96800) (PATCH ID: OSF440-1100) ******** The patch fixes a memory fault condition in the emx driver that occurs when responding to an inquiry command from a remote port in the fabric. The problem is that a data structure is not being correctly referenced when attempting to gather inquiry information about the HBA.